12 April,16 at 11:08 AM
Applies to: All versions of Centrify DirectControl
Question:
Why are the following messages seen in /var/log/messages?
... get_crl.pl[#####]: could not fetch crl for /var/centrify/net/certs/trust_FFFFFFFFFFFFFF.crl
... get_crl.pl[#####]: could not process crl fetched from http://server.domain.com/CertEnroll/domain.com.crl, maybe crl server not setup correctly
... get_crl.pl[#####]: could not process crl fetched from http://server.domain.com/CertEnroll/domain.com.crl, maybe crl server not setup correctly
... get_crl.pl[#####]: could not process crl fetched from http://server.domain.com/CertEnroll/domain.com.crl, maybe crl server not setup correctly
... get_crl.pl[#####]: could not fetch crl for /var/centrify/net/certs/trust_FFFFFFFFFFFFFF.crl
... get_crl.pl[#####]: could not process crl fetched from http://server.domain.com/CertEnroll/domain.com.crl, maybe crl server not setup correctly
Answer:
Whenever adclient downloads a certificate, it also downloads a corresponding CRL.
If the CRL is unreachable or not set up, the warnings shown above are logged.
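To see which CRL locations are behind these warnings, the following added example (not part of this KB and not Centrify's get_crl.pl) pulls the failing URLs and trust files out of syslog and tests whether each URL is reachable and returns a parseable CRL. The function names and the sample log lines are constructed for illustration, and it assumes curl and openssl are installed.

```shell
#!/bin/sh
# Added example, not Centrify code. Assumes curl and openssl are installed.

# Constructed sample in the format of the messages above (host and PIDs made up).
sample_log() {
cat <<'EOF'
Apr 12 11:00:01 host1 get_crl.pl[4242]: could not fetch crl for /var/centrify/net/certs/trust_FFFFFFFFFFFFFF.crl
Apr 12 11:00:01 host1 get_crl.pl[4242]: could not process crl fetched from http://server.domain.com/CertEnroll/domain.com.crl, maybe crl server not setup correctly
Apr 12 11:00:02 host1 get_crl.pl[4243]: could not process crl fetched from http://server.domain.com/CertEnroll/domain.com.crl, maybe crl server not setup correctly
Apr 12 11:00:03 host1 crond[900]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# stdin: syslog text. stdout: "<count> <url>" per distinct URL whose CRL failed to parse.
failing_crl_urls() {
    sed -n 's/.*get_crl\.pl\[[^]]*]: could not process crl fetched from \([^,]*\),.*/\1/p' |
        sort | uniq -c | awk '{print $1, $2}'
}

# stdin: syslog text. stdout: each distinct CRL file path that could not be fetched.
failing_trust_files() {
    sed -n 's/.*get_crl\.pl\[[^]]*]: could not fetch crl for \(.*\)$/\1/p' | sort -u
}

# Fetch one URL and report UNREACHABLE, NOT_A_CRL, or OK with the CRL's nextUpdate.
check_crl_url() {
    tmp=$(mktemp) || return 2
    if ! curl -fsS --max-time 15 -o "$tmp" "$1"; then
        echo "UNREACHABLE $1"; rm -f "$tmp"; return 1
    fi
    for fmt in DER PEM; do   # CRLs are published in either encoding
        if next=$(openssl crl -inform "$fmt" -in "$tmp" -noout -nextupdate 2>/dev/null); then
            echo "OK $1 ($fmt, $next)"; rm -f "$tmp"; return 0
        fi
    done
    echo "NOT_A_CRL $1"; rm -f "$tmp"; return 1
}

# With a log path as $1, check every failing URL found in it. With no argument,
# only list what the constructed sample contains (no network access).
if [ -n "${1:-}" ]; then
    failing_trust_files < "$1"
    failing_crl_urls < "$1" | while read -r count url; do check_crl_url "$url" || true; done
else
    sample_log | failing_crl_urls
fi
```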
Workaround:
At the end of the KB, there is an attachment called "get_crl.pl" that can be used to replace the default one at /usr/share/centrifydc/sbin/get_crl.pl.
This new get_crl.pl will change the warning messages to only show when Centrify debugging mode is enabled.