000015010 - Revocation List Timers - High Availability not working

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000015010
Applies ToRSA Certificate Manager 6.8
Microsoft Windows 2003
Solaris 10
ADAM High Availability
Sun One High Availability
IssueRevocation List Timers -  High Availability not working
Configured RSA CM 6.8 with external LDAP.  RCM is not able to generate CRL automatically when configured through Revocation List Timer - High Availability.
The basic installation (with internal Secure Directory) it works fine.
CauseIP address was used to configure Revocation List Timers - High Availability configuration page.
The host name used to configure primary and/or secondary instance on Revocation List Timers - High Availability configuration page did not match with the host name RSA CM detected internally.
ResolutionFully-qualified host name (and not IP), in most cases, should be used when configuring Revocation List Timers - High Availability page.  Additionally, the host name configured on admin interface must match with what RCM automatically detects internally.  Here are the steps required to configure revocation list timers when high availability is configured:
1. Configure CRL timers for a CA through System Configuration workbench -> Configure Revocation List Timers
2. Configure the primary instance hostname (FQDN and not IP address) and secure port through System Configuration -> Revocation List Timers - High Availability (see Note below to obtain a tool to determine the hostname RCM detects internally)
3. Restart RCM instances.
NotesContact RSA Customer Support to obtain a tool called "gethostname" (only available for Windows and Solaris platforms).  Run gethostname on the command prompt and note the host name shown against "Official name:".  For example, here is a sample output:
C:\> gethostname
gethostname retrieved rsatestbox
Calling gethostbyname with rsatestbox
Function returned:
        Official name: rsatestbox.internal.rsa.net
        Address type: AF_INET
        Address length: 4
        IP Address #1: 123.12.12.123
        IP Address #2: 192.168.123.123
        IP Address #3: 192.168.234.1
        IP Address #4: 192.168.345.1

C:\> gethostname ?
usage: gethostname
 or
       gethostname ipv4address
 or
       gethostname hostname
For example:
  to detect local host name
       gethostname
  to return the host based on IP
       gethostname 127.0.0.1
  to return the IP addresses for a host
       gethostname www.rsa.com
Legacy Article IDa46692

Attachments

    Outcomes