000030827 - CRL or delta CRL not being published

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000030827
Applies ToRSA Product Set: Digital Certificate Solutions
RSA Product/Service Type: Certificate Manager
RSA Version/Condition: 6.9
Platform: Solaris or Linux
IssueThe CRL or delta CRL file is not being updated in the directory where it is meant to be published (based on configuration of Local Complete CRL Publishing to HTTP Server).
CauseAny issue that prevents RCM from writing CRL to the file or directory can prevent publication.  A common reason is that file permissions are incorrect on the destination file or directory.

File Permissions

Use the ls -l command to check that any existing CRL file or delta CRL file has the correct file permissions.  Local CRL publishing to HTTP server uses the following folder to write CRL files to: <rcm-install-folder>/RSA_CM/WebServer/crl-server
The file owner should be the user and group under which RCM (specifically, its Web Server httpds) is running.  User and Group are configured in <rcm-install-folder>/RSA_CM/WebServer/conf/httpd.conf .
User and group for a file can be changed with the chown command.  For example:
chown rcmuser:rcmgroup filename.crl
File permissions should be set to -rw-rw-r-- .  If that is not set correctly, it can be changed using the chmod command.  For example:
chmod 664 filename.crl
(664 is equivalent to the required permissions -rw-rw-r--).

Directory Permissions

Perform the same checks to ensure the full directory path is also accessible to the Web Server's User and Group.  The same commands as above can be used to change directory owner and permissions.

Other Causes

If the above does not resolve the problem, check the RCM logs for events that may indicate other causes.  For further information, refer the RSA Certificate Manager Administrator’s Guide, chapter "Troubleshooting RSA Certificate Manager", section "Trace Logging".