000016165 - RCM not generating new Delta CRLs

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000016165
Applies ToRSA Certificate Manager 6.8
RSA Certificate Manager (RCM)
Windows 2008 Server R2 x64
IssueRCM  not generating new Delta CRLs
not generating new CRLs, caused a system outage
The timers were updated last Friday to the following:
RL Type CA Nickname CA md5 Period Start Time Next Update Buffer
CRL Internal CA
99cb44c903901afe04b844ca77694892 252900 - 43200

DCRL Internal CA
99cb44c903901afe04b844ca77694892 86400 - 14400

The services were restarted yesterday at 8:30AM EST which created new crl files. The delta was set to expire at 1:23 PM today. Given the timers that were set, expected a new delta crl at 8:30 AM this morning. As of 1:23 PM EST today, the same crl files that were generated yesterday morning were still showing up on the certificate manager. It appears as if it did not generate a new delta CR this morning.

CauseFrom the trace log, the dcrl timer is reset at 9:30. At 8:30, a full CRL and delta CRL is generated during full CRL generation. Since the timer is reset, the delta CRL is skipped at 9:30.
ResolutionFix is part of RCM 6.8 build 521 or higher. Contact RSA Customer support if you need additional information.
Legacy Article IDa57570