000012070 - CMP Server does not respond to CMP Client if CMP Autovetting is NOT enabled

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012070
Applies ToRSA Certificate Manager 6.9 build 551
CMP v2 over HTTP
CMP Server configured with CMP onestep plugin (the parameter 'plugin' is set to 'onestep' in RSA_CM/CmpServer/conf/cmp.conf)
IssueCMP Server does not respond to CMP Client if CMP Autovetting is NOT enabled
When CMP Autovetting is disabled in the corresponding jurisdiction, network packet capture shows IR message sent from CMP Client to the RSA Certificate Manager CMP Server.  However, there is no response (IP message) from CMP Server.
When CMP Autovetting is enabled in the corresponding jurisdiction, everything works fine. In a response to CMP Client's IR message, a certificate is issued and an IP message response is received from CMP Server.
Changing 'timeout' value in cmp.conf from the default of 86400 (in seconds) to a lower value, such as 10 seconds, does not change the behavior (of no response from CMP Server).  Note that the timeout value set in cmp.conf is used for 'CheckAfter' in CMP Server's response to client, and can be used by CMP Client for polling interval.
CauseRoot cause is not known for the incorrect behavior described above.  CMP v2 over HTTP/HTTPS is a new feature introduced in RSA Certificate Manager 6.9, and a few bug fixes and changes have been made in later builds. Upgrading to build 554 resolves this issue.
ResolutionApply build 554, or the latest available build, to the RSA Certificate Manager 6.9 build 551.  Updating RSA Certificate Manager to build 554, or the latest available build, resolves this issue.
NotesCERTMGR-4256
Legacy Article IDa61584

Attachments

    Outcomes