Bug2190283-AddCRLServlet-SEVERE-NOT-SUPPORTED-messages #4427
This patch fixes the following issue:
It appears that the following parameter in ca's CS.cfg is set to true by default:
ca.publish.rule.instance.ocsprule-ccrsa-1-rhcs10-example-com-32443.enable
which triggers the CA to attempt publishing of its CRLs directly from CA->OCSP and causes the following SEVERE error messages:
SEVERE: CRL issuing point CN=CA Signing Certificate, not found.
The CA->OCSP direct push of CRLs appears to not be working. CA->LDAP publishing (and OCSP pulling from LDAP) is working and should be used instead.
In addition, this patch also fixes it so that the following will no longer appear (it has no reason to; see bug description for explanation):
[CRLIssuingPoint-MasterCRL] WARNING: LdapSimpleMap: crl issuer dn:... org.mozilla.jss.netscape.security.x509.X509CRLImpl cannot be cast to java.security.cert.X509Certificate
fixes https://bugzilla.redhat.com/show_bug.cgi?id=2190283
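
An added example, not part of this pull request or the project's code: a small audit that lists enabled publishing rule instances whose id starts with "ocsprule" in CS.cfg text and extracts the SEVERE message quoted above from log text. It assumes CS.cfg is plain key=value lines; the sample config, the rule id example-ldap-crl-rule and the log lines are constructed.

```python
import re

# Key shape taken from the parameter named in the PR description:
#   ca.publish.rule.instance.<instance-id>.enable
RULE_ENABLE = re.compile(r"^ca\.publish\.rule\.instance\.(?P<rule>[^.=\s]+)\.enable$")
# SEVERE message quoted in the PR description.
SEVERE_CRL = re.compile(r"SEVERE: CRL issuing point (?P<point>.+?), not found\.")

# Constructed sample input, not taken from a real deployment.
SAMPLE_CFG = """\
# constructed sample
ca.publish.rule.instance.ocsprule-ccrsa-1-rhcs10-example-com-32443.enable=true
ca.publish.rule.instance.example-ldap-crl-rule.enable=true
"""
SAMPLE_LOG = """\
INFO: constructed log line
SEVERE: CRL issuing point CN=CA Signing Certificate, not found.
"""

def parse_cfg(text):
    """Parse key=value lines (assumed CS.cfg layout) into a dict."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg

def enabled_ocsp_rules(cfg):
    """Ids of enabled publishing rule instances whose id starts with 'ocsprule'."""
    found = []
    for key, value in cfg.items():
        m = RULE_ENABLE.match(key)
        if m and m.group("rule").startswith("ocsprule") and value.lower() == "true":
            found.append(m.group("rule"))
    return sorted(found)

def missing_issuing_points(log_text):
    """Issuing point names reported as not found in SEVERE log lines."""
    return [m.group("point") for m in SEVERE_CRL.finditer(log_text)]

def audit(cfg_text, log_text):
    """Pair the enabled direct-publishing rules with the errors seen in the log."""
    return {"enabled_ocsp_rules": enabled_ocsp_rules(parse_cfg(cfg_text)),
            "crl_issuing_point_errors": missing_issuing_points(log_text)}

if __name__ == "__main__":
    print(audit(SAMPLE_CFG, SAMPLE_LOG))
```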