Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Table of Contents
excludeTable of Contents

CRL is not publishing for the Local CA [current and new CRL numbers are same]

There was a rare and intermittent issue with ADSS Server 5.5 and older versions that the new CRL publishing started failing for a Local CA after encountering a situation where the Current CRL Number and New CRL Number were same. This situation was caused due to a database update failure during the publishing of the last CRL. ADSS Server prints an error in core.log that the new CRL number must be greater than the current one. The error message will be like the following in core.log:

Info
titlecore.log error
[CA Name] CRL invalid because new CRL's CRLNumber '5' is not greater than the current CRL's CRLNumber '5'
Failed to update CRL in database : CRL invalid because new CRL's CRLNumber '5' is not greater than the current CRL's CRLNumber '5'

Follow these steps to resolve this issue:

  1. Connect to the ADSS Server database and execute the following SQL query:
    Replace the [**new CRL number] with next CRL number e.g. 6 in this example and [CA name from Manage CAs > Local CAs] accordingly:

    Code Block
    themeMidnight
    UPDATE LocalCertificateAuthorities SET CrlNo = [new CRL number] where Id = [CA name from Manage CAs > Local CAs]
  2. Now go to Manage CAs > Local CAs
  3. Click the CA Name for which the problem is occurring. Clicking the Publish CRL Now button will publish the CRL with next CRL number
  4. Restart the ADSS Server Core from Server Manager module for the changes to take effect

Why ADSS CRL Monitor may not start?

...