Bug 669816 - A synchronization mechanism is needed to ensure that the tps tokendb and ca cert databases remain in sync
Summary: A synchronization mechanism is needed to ensure that the tps tokendb and ca c...
Keywords:
Status: CLOSED EOL
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: TPS
Version: 9.0
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: ---
Assignee: Christina Fu
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks: 530474
TreeView+ depends on / blocked
 
Reported: 2011-01-14 21:08 UTC by Ade Lee
Modified: 2020-03-27 18:38 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-03-27 18:38:40 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Ade Lee 2011-01-14 21:08:28 UTC 
Description of problem:

This is an offshoot of https://bugzilla.redhat.com/show_bug.cgi?id=223319
In that bug, cases where the TPS and CA databases became out-of-sync due to routine operations on the TPS were addressed.

This does not guarantee that the TPS and CA databases will remain in sync though.  In particular, any changes to certificate status invoked on the CA will not be propagated to the TPS.

A proposal has been made to provide the TPS admin with an option to initiate a sync between the TPS and CA.  The admin could provide a range of certs to be checked.

There are other ways to do this though.  One possibility is that the TPS could periodically download a deltaCRL - and process the elements in a background process.  This potentially will reduce the footprint of the operations involved. 

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Note You need to log in before you can comment on or make changes to this bug.