WMS – Unable to add certificate from Enterprise CA

  • #45734
    ASwingler
    Participant

    Hello. I have installed WMS and I’m trying to add a certificate to it to replace the self-signed cert that comes with the initial install. I’ve created a PKCS12 certificate in the appropriate format and I’m attempting to load it using the Portal-Admin/Setup functionality but I’m getting an error “Can not verify CRL for certificate: CN=<server-fqdn>”. Looking at the log I see it’s failing to retrieve the CRL for the certificate, the reason is “[LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580 ]”.

    I understand that Tomcat doesn’t support LDAP for CRLs. My certificate has other valid CRL distribution points but WMS doesn’t appear to be trying any of them.

    Has anyone else come across this? I’ve been fighting with this for 2 days now and my grey hair is turning white!

    Thanks, Andrew.

    #45736
    ConfGen
    Keymaster

    Are you able to skip this error message?
    Typically this message occurs when WMS is not able to contact the CRL list.

    CG

    #45755
    ASwingler
    Participant

    I was able to get it to work. The CRL CDP in the certificate wasn’t good so I rebuilt the CA to have valid CDP information.

    One thing that I came across might trip others up. The trick is that where it asks for an “Apache Intermediate Certificate” it is really asking for the ROOT certificate (in Base-64 format).

    Thanks for the assistance.

    Andrew.
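
A pre-import check for the CDP problem discussed in this thread, as an added example that is not part of the original posts or of WMS: it reads `openssl x509 -noout -text` output, lists the CRL distribution points in certificate order with their scheme, and returns non-zero when the first one is not HTTP(S), the situation the first post describes. The function name, the sample text and the `example.test` names are constructed for illustration.

```shell
#!/bin/sh
# Usage against a real bundle (server.p12 is a placeholder file name):
#   openssl pkcs12 -in server.p12 -nokeys -clcerts | openssl x509 -noout -text | cdp_report

# Print "index<TAB>scheme<TAB>uri" for every CRL distribution point.
# Exit status 0 only if the first CDP listed is http or https.
cdp_report() {
  awk '
    /X509v3 CRL Distribution Points/ {
      match($0, /^ */); hdr = RLENGTH; in_cdp = 1; next
    }
    in_cdp && NF {
      # A non-blank line indented no deeper than the header is the next
      # extension (for example Authority Information Access): stop there.
      match($0, /^ */)
      if (RLENGTH <= hdr) { in_cdp = 0; next }
    }
    in_cdp && /URI:/ {
      uri = $0; sub(/^.*URI:/, "", uri)
      scheme = tolower(uri); sub(/:.*/, "", scheme)
      n++
      if (n == 1) first = scheme
      printf "%d\t%s\t%s\n", n, scheme, uri
    }
    END { exit !(first == "http" || first == "https") }
  '
}

# Constructed sample: LDAP CDP first, HTTP CDP second, plus an AIA entry
# that must not be reported as a CDP.
sample_text() {
  cat <<'EOF'
        X509v3 extensions:
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:ldap:///CN=ExampleCA,CN=ca01,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=example,DC=test?certificateRevocationList?base?objectClass=cRLDistributionPoint
                  URI:http://pki.example.test/CertEnroll/ExampleCA.crl

            Authority Information Access: 
                CA Issuers - URI:http://pki.example.test/CertEnroll/ExampleCA.crt
EOF
}

sample_text | cdp_report || echo "first CDP is not HTTP(S): check it is reachable before import"
```
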
