  1. EJBCA
  2. ECA-7211

OCSP signing certificates aren't always published for throwaway CAs with revoke enabled

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.14.1.1, EJBCA 6.15.0
    • Component/s: None
    • Labels: None
    • Sprint: EJBCA Sprint 19

      Description

      Customer has a CA with Throwaway + Revoke enabled, and they issue OCSP Responder certs signed by this CA's key. The OCSP Responder Cert Profile has publishers defined to publish the full cert to the VA databases. 

      When these OCSP Responders are issued, it attempts to publish by putting the fingerprint of the newly-issued certificates into PublisherQueueData for each publisher, but the actual cert isn't stored in either CertificateData or NoConflictCertificateData. So the publisher worker ends up hung on these fingerprints. 

            People

            • Assignee: Henrik Sunmark (hsunmark)
            • Reporter: Mike Agrenius Kushner (mikek)

                Time Tracking

                • Estimated: 2d
                • Remaining: 5h 30m
                • Logged: 1d 2h 45m