Bug: pkiserver fails to automatically update CRL. It looks for "CN=One - Configuration.CN=CRL Container.CN=Security" even if this is not the name of the CRL. NDSTRACE of pkii shows this behaviour below in the trace log.
Observed on fully patched OES11SP1 with DS Version = 20705.00
When I setup the Novell Certificate Server (by deleting the default "Organizational CA" and replacing with with the name of the company). I also chose to name the crl file something other than One.crl, which I considered a silly name and to publish it to public web servers by adding http CRL distribution points.
I was able to publish the new CRL using the new CRL object I created by clicking the button in iManager but I found that the server wasn't publishing the CRL automatically on the expiry date. The reason appears to be be a false assumption in pkiserver. To resolve this I renamed the CRL object to "One - Configuration" and now pkiserver will update the crl. The bad news is that iManager is no longer able to open the CRL from the CA object. It seems to be unhappy about the name change.
Where can I submit a bug report? I don't need help so I'm not inclined to submit a service request.
2583074560 PKII: [2013/11/29 13:32:32.251] INFO: Entering openCRLDataBase with NULL for CRLConfigDN
2583074560 PKII: [2013/11/29 13:32:32.251] INFO: openCRLDataBase: FlmDbOpen 0
2583074560 PKII: [2013/11/29 13:32:32.251] INFO: openCRLDataBase: exiting with 0, crlIdentifier 0
2583074560 VCLN: [2013/11/29 13:32:32.251] DEBUG: DCCreateContext context 32390014 moduleHandle 00000126 /opt/novell/eDirectory/lib64/nd
s-modules/libpkiserver.so, idHandle 00000005
2583074560 AREQ: [2013/11/29 13:32:32.251] DEBUG: Calling DS Ping conn:3 for client .[Public].
2583074560 VCLN: [2013/11/29 13:32:32.251] DEBUG: request DS Ping by context 32390014 succeeded
2583074560 PKII: [2013/11/29 13:32:32.251] INFO: Trying to resolve to CN=One - Configuration.CN=CRL Container.CN=Security
2583074560 AREQ: [2013/11/29 13:32:32.251] DEBUG: Calling DSAResolveName conn:3 for client .[Public].
2583074560 AREQ: [2013/11/29 13:32:32.251] DEBUG: DSAResolveName failed, no such entry (-601).
Observed on fully patched OES11SP1 with DS Version = 20705.00
When I setup the Novell Certificate Server (by deleting the default "Organizational CA" and replacing with with the name of the company). I also chose to name the crl file something other than One.crl, which I considered a silly name and to publish it to public web servers by adding http CRL distribution points.
I was able to publish the new CRL using the new CRL object I created by clicking the button in iManager but I found that the server wasn't publishing the CRL automatically on the expiry date. The reason appears to be be a false assumption in pkiserver. To resolve this I renamed the CRL object to "One - Configuration" and now pkiserver will update the crl. The bad news is that iManager is no longer able to open the CRL from the CA object. It seems to be unhappy about the name change.
Where can I submit a bug report? I don't need help so I'm not inclined to submit a service request.
2583074560 PKII: [2013/11/29 13:32:32.251] INFO: Entering openCRLDataBase with NULL for CRLConfigDN
2583074560 PKII: [2013/11/29 13:32:32.251] INFO: openCRLDataBase: FlmDbOpen 0
2583074560 PKII: [2013/11/29 13:32:32.251] INFO: openCRLDataBase: exiting with 0, crlIdentifier 0
2583074560 VCLN: [2013/11/29 13:32:32.251] DEBUG: DCCreateContext context 32390014 moduleHandle 00000126 /opt/novell/eDirectory/lib64/nd
s-modules/libpkiserver.so, idHandle 00000005
2583074560 AREQ: [2013/11/29 13:32:32.251] DEBUG: Calling DS Ping conn:3 for client .[Public].
2583074560 VCLN: [2013/11/29 13:32:32.251] DEBUG: request DS Ping by context 32390014 succeeded
2583074560 PKII: [2013/11/29 13:32:32.251] INFO: Trying to resolve to CN=One - Configuration.CN=CRL Container.CN=Security
2583074560 AREQ: [2013/11/29 13:32:32.251] DEBUG: Calling DSAResolveName conn:3 for client .[Public].
2583074560 AREQ: [2013/11/29 13:32:32.251] DEBUG: DSAResolveName failed, no such entry (-601).