Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-7211

OCSP signing certificates aren't always published for throwaway CAs with revoke enabled

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.14.1.1, EJBCA 6.15.0
    • Component/s: None
    • Labels:
      None
    • Sprint:
      EJBCA Sprint 19

      Description

      Customer has a CA with Throwaway + Revoke enabled, and they issue OCSP Responder certs signed by this CA's key. The OCSP Responder Cert Profile has publishers defined to publish the full cert to the VA databases. 

      When these OCSP Responders are issued, it attempts to publish by putting the fingerprint of the newly-issued certificates into PublisherQueueData for each publisher, but the actual cert isn't stored in either CertificateData or NoConflictCertificateData. So the publisher worker ends up hung on these fingerprints. 

        Attachments

          Activity

            People

            Assignee:
            hsunmark Henrik Sunmark
            Reporter:
            mikek Mike Agrenius Kushner
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 2 days Original Estimate - 2 days
                2d
                Remaining:
                Time Spent - 1 day, 2 hours, 45 minutes Remaining Estimate - 5 hours, 30 minutes
                5h 30m
                Logged:
                Time Spent - 1 day, 2 hours, 45 minutes Remaining Estimate - 5 hours, 30 minutes
                1d 2h 45m