Bug 669816

Summary: A synchronization mechanism is needed to ensure that the tps tokendb and ca cert databases remain in sync
Product: [Retired] Dogtag Certificate System
Component: TPS
Version: 9.0
Status: CLOSED EOL
Severity: medium
Priority: low
Reporter: Ade Lee <alee>
Assignee: Christina Fu <cfu>
QA Contact: Ben Levenson <benl>
CC: alee, jmagne
Doc Type: Bug Fix
Last Closed: 2020-03-27 18:38:40 UTC
Bug Blocks: 530474

Description Ade Lee 2011-01-14 21:08:28 UTC
Description of problem:

This is an offshoot of https://bugzilla.redhat.com/show_bug.cgi?id=223319
In that bug, cases where the TPS and CA databases became out-of-sync due to routine operations on the TPS were addressed.

This does not guarantee that the TPS and CA databases will remain in sync though.  In particular, any changes to certificate status invoked on the CA will not be propagated to the TPS.

A proposal has been made to provide the TPS admin with an option to initiate a sync between the TPS and CA.  The admin could provide a range of certs to be checked.

There are other ways to do this though.  One possibility is that the TPS could periodically download a deltaCRL - and process the elements in a background process.  This potentially will reduce the footprint of the operations involved. 

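The delta CRL approach mentioned in the description, sketched as an added example (not part of the original report and not Dogtag code). It assumes the delta CRL has already been fetched, signature-verified and parsed into the hypothetical `DeltaCRL` structure, and that the token database maps certificate serials to the assumed status names `active`, `on_hold` and `revoked`.

```python
from dataclasses import dataclass

# RFC 5280 CRLReason codes that need special handling
CERTIFICATE_HOLD = 6
REMOVE_FROM_CRL = 8  # delta CRLs only: cert expired or was taken off hold

@dataclass
class DeltaCRL:  # hypothetical: already parsed and signature-verified
    crl_number: int
    base_crl_number: int  # from the Delta CRL Indicator extension
    entries: list  # [(serial, reason_code), ...]

class ResyncRequired(Exception):
    """Local state is older than the delta's base; fetch a full CRL instead."""

def apply_delta(tokendb, last_crl_number, delta):
    """Apply delta to tokendb (serial -> status, assumed status names).

    Returns (new_last_crl_number, [(serial, old_status, new_status), ...]).
    """
    if delta.crl_number <= last_crl_number:
        return last_crl_number, []  # already processed
    if last_crl_number < delta.base_crl_number:
        raise ResyncRequired(f"have {last_crl_number}, delta base is {delta.base_crl_number}")
    changes = []
    for serial, reason in delta.entries:
        current = tokendb.get(serial)
        if current is None or current == "revoked":
            continue  # not a token cert, or revocation is already final
        if reason == REMOVE_FROM_CRL:
            if current != "on_hold":
                continue  # entry dropped because the cert expired
            new = "active"
        elif reason == CERTIFICATE_HOLD:
            new = "on_hold"
        else:
            new = "revoked"
        if new != current:
            tokendb[serial] = new
            changes.append((serial, current, new))
    return delta.crl_number, changes

if __name__ == "__main__":
    # Constructed sample data, not taken from a real CA or TPS
    db = {0x1A: "active", 0x1B: "on_hold", 0x1C: "revoked", 0x1D: "active"}
    delta = DeltaCRL(12, 10, [(0x1A, 1), (0x1B, 8), (0x1C, 8), (0x99, 1), (0x1D, 6)])
    print(apply_delta(db, 11, delta))
```

The CRL number check is what lets a background job detect a missed delta and fall back to a full comparison, such as the admin-initiated range check proposed above.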