RSA Certificate Manager logs: Custom application 'CertGen' issued only 281 certificates from 500 requests
RSA Product Set: RSA Certificate Manager RSA Version/Condition: 16.7, 6.8, 6.9 RSA Certificate Manager configured to use an external directory to replace the default Berkeley DB through the db plug-in feature Microsoft Active Directory Application Mode (ADAM)
An External LDAP store exhibits poor performance from a custom RSA Certificate Manager API application. Events such as the following are logged: Custom application "CertGen" issued only 281 certificates from 500 requests.
When configured with an external LDAP, by default RSA Certificate Manager performs a dummy search before each transaction to ensure that the connection with the external LDAP Server is open.
The poor performance issue can be caused when there is a high transaction rate, due to a large number of dummy searches being triggered by RSA Certificate Manager.
To resolve this issue, the keepalive dummy searches of the external LDAP store must be turned off.
If a Certificate Manager API application is being used to issue certificates, it is possible to disable the keepalive search. A directive has been introduced in RSA Certificate Manager 6.7 build 422 to optionally turn off the keepalive search.
Open plugin.conf in a text editor and add the following directive:
0 turns off the dummy search.
1 maintains the dummy search. If the Secure Directory Server receives an LDAP_SERVER_DOWN error message, it will try to open a new connection again.
The default if the directive is absent, is 1. Certificate Manager performs the dummy search.
For transactions from other front-end applications, such as the WebServer and CMP Server, the Certificate Manager will make the dummy search.
Installing RSA Certificate Manager 6.7 build 423 or later, and then adding keepldapopen directive to turn off the dummy search, enables a custom application to issue a large number of certificate requests.