Bug 1657922
Summary: | CC: CA/OCSP startup fail on SystemCertsVerification if enableOCSP is true [rhel-7.6.z] | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | RAD team bot copy to z-stream <autobot-eus-copy> |
Component: | pki-core | Assignee: | Jack Magne <jmagne> |
Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> |
Severity: | unspecified | Docs Contact: | Marc Muehlfeld <mmuehlfe> |
Priority: | high | ||
Version: | 7.6 | CC: | akahat, jmagne, mharmsen |
Target Milestone: | rc | Keywords: | TestCaseProvided, ZStream |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | pki-core-10.5.9-9.el7_6 | Doc Type: | Bug Fix |
Doc Text: | Previously, when a CA or OCSP subsystem that was configured with OCSP checking was restarted, a self test in Certificate System checked the validity of the subsystem certificates in a subsystem. Due to the presence of OCSP checking, the subsystem failed to start. With this update, the server performs a simpler set of certificate validity tests which do not cause the mentioned problem. As a result, restarting a CA or OCSP subsystem with OCSP checking works correctly. If OCSP checking is not configured and you require the full certificate validity tests, you can restore the old behavior by setting "selftests.plugin.SystemCertsVerification.FullCAandOCSPVerify=true" in the CS.cfg file. |
Story Points: | --- |
Clone Of: | 1641119 | Environment: | |
Last Closed: | 2019-01-29 17:21:57 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1641119 | ||
Bug Blocks: |
Description
RAD team bot copy to z-stream
2018-12-10 18:15:14 UTC
Test Procedure: see https://bugzilla.redhat.com/show_bug.cgi?id=1641119#c6

I tested this BZ on version 10.5.9-10.el7_6. I tried the steps which are mentioned in #c2.

- Installation of standalone CA, KRA and OCSP.
- Restarted the subsystem and observed the logs.
- Set selftests.plugin.SystemCertsVerification.FullCAandOCSPVerify=true in the subsystem's CS.cfg file.
- Restarted the subsystem.
- I could see that there are different logs after setting selftests.plugin.SystemCertsVerification.FullCAandOCSPVerify=true, which is working as expected.

Marking this bug verified.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0168

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days.