|Applies To||RSA Certificate Manager 6.9 build 551|
CMP v2 over HTTP
CMP Server configured with CMP onestep plugin (the parameter 'plugin' is set to 'onestep' in RSA_CM/CmpServer/conf/cmp.conf)
|Issue||CMP Server does not respond to CMP Client if CMP Autovetting is NOT enabled|
When CMP Autovetting is disabled in the corresponding jurisdiction, network packet capture shows IR message sent from CMP Client to the RSA Certificate Manager CMP Server. However, there is no response (IP message) from CMP Server.
When CMP Autovetting is enabled in the corresponding jurisdiction, everything works fine. In a response to CMP Client's IR message, a certificate is issued and an IP message response is received from CMP Server.
Changing 'timeout' value in cmp.conf from the default of 86400 (in seconds) to a lower value, such as 10 seconds, does not change the behavior (of no response from CMP Server). Note that the timeout value set in cmp.conf is used for 'CheckAfter' in CMP Server's response to client, and can be used by CMP Client for polling interval.
|Cause||Root cause is not known for the incorrect behavior described above. CMP v2 over HTTP/HTTPS is a new feature introduced in RSA Certificate Manager 6.9, and a few bug fixes and changes have been made in later builds. Upgrading to build 554 resolves this issue.|
|Resolution||Apply build 554, or the latest available build, to the RSA Certificate Manager 6.9 build 551. Updating RSA Certificate Manager to build 554, or the latest available build, resolves this issue.|
|Legacy Article ID||a61584|