Red Hat Bugzilla – Bug 426439
Unable to load CRL file for a DS instance - when its placed under /etc/dirsrv/slapd-INSTANCE
Last modified: 2015-01-04 18:29:38 EST
Attempts to load CRL (Base64) file to DS fails.
- Open DS console
- Open Directory Server Instance
- goto manage certificates
- goto revoked certs
- Click on Add
- Point to a CRL base64 encoded file that's located under
Console complains that it can't locate the file.
- Copy the CRL base64 encoded file to
Console is now able to load the crl file.
- CRL file should be placed at the instance config level
and not at the admin server level.
We could release note this for DS8.0 but fix the path issue
Created attachment 327005 [details]
Created attachment 327016 [details]
cvs commit log
Reviewed by: nhosoi (Thanks!)
Fix Description: The main problem was that it was not using the getSecurityDir function to get the security dir based on the SIE passed in. This function is called in main after getting the SIE. I changed the code to set this value in a static variable that can be used throughout the program.
In addition, I found and fixed some other bugs related to CRL handling:
1) The code did not work with ASCII CRLs generated by newer versions of crlutil which use the BEGIN CRL header. I added processing for that header type.
2) The code did not handle date/time in generalized time format. I added code to format the date/time based on the type of date/time stored in the CRL.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
Created attachment 338036 [details]
attempting to import attached crl file from
All are resulting in file not found error.
crl file must reside in /etc/dirsrv/slapd-ID/ and input only file name - not full path.
Entering only file name works.
Verified RHEL 5 DS 8.1
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.