on Jun 14, 2016Article Content
| Article Number | 000030827 |
| Applies To | RSA Product Set: Digital Certificate Solutions RSA Product/Service Type: Certificate Manager RSA Version/Condition: 6.9 Platform: Solaris or Linux |
| Issue | The CRL or delta CRL file is not being updated in the directory where it is meant to be published (based on configuration of Local Complete CRL Publishing to HTTP Server). |
| Cause | Any issue that prevents RCM from writing CRL to the file or directory can prevent publication. A common reason is that file permissions are incorrect on the destination file or directory. |
| Resolution | File PermissionsUse the ls -l command to check that any existing CRL file or delta CRL file has the correct file permissions. Local CRL publishing to HTTP server uses the following folder to write CRL files to: <rcm-install-folder>/RSA_CM/WebServer/crl-server The file owner should be the user and group under which RCM (specifically, its Web Server httpds) is running. User and Group are configured in <rcm-install-folder>/RSA_CM/WebServer/conf/httpd.conf . User and group for a file can be changed with the chown command. For example: chown rcmuser:rcmgroup filename.crl File permissions should be set to -rw-rw-r-- . If that is not set correctly, it can be changed using the chmod command. For example: chmod 664 filename.crl (664 is equivalent to the required permissions -rw-rw-r--). Directory PermissionsPerform the same checks to ensure the full directory path is also accessible to the Web Server's User and Group. The same commands as above can be used to change directory owner and permissions. Other CausesIf the above does not resolve the problem, check the RCM logs for events that may indicate other causes. For further information, refer the RSA Certificate Manager Administrator’s Guide, chapter "Troubleshooting RSA Certificate Manager", section "Trace Logging". |