diff options
| author | Ade Lee <alee@redhat.com> | 2015-08-12 00:57:46 -0400 |
|---|---|---|
| committer | Matthew Harmsen <mharmsen@redhat.com> | 2015-08-14 11:57:06 -0600 |
| commit | 29d35d80bb8aba820d4fbfd2738ce6ad4bb54ade (patch) | |
| tree | 912a7b195ff64889361b9ec651fe25d4af6cbc7a /base/ca | |
| parent | 52547567fee5e32b58e69c017546cc20f87fbef9 (diff) | |
| download | pki-29d35d80bb8aba820d4fbfd2738ce6ad4bb54ade.tar.gz pki-29d35d80bb8aba820d4fbfd2738ce6ad4bb54ade.tar.xz pki-29d35d80bb8aba820d4fbfd2738ce6ad4bb54ade.zip | |
Separate range and cert status threads
We currently disable the cert status maintenance thread on
clone CAs because CRL processing should only be done on the
master CA. Currently, the maintenance thread also performs
other checks on serial number ranges and settings. By disabling
the maintenance thread, we disable these checks too.
To fix this, we have separated the serial number checks into a
different maintenance thread, so that these tasks will occur
even if the cert status thread is disabled.
Bugzilla # 1251606
(cherry picked from commit d3d80046fd6985b809900005a685695d3181d9d3)
Diffstat (limited to 'base/ca')
| -rw-r--r-- | base/ca/src/com/netscape/ca/CertificateAuthority.java | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java index 65296113e..158ecff1f 100644 --- a/base/ca/src/com/netscape/ca/CertificateAuthority.java +++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java @@ -371,6 +371,11 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori mCertRepot.setSkipIfInConsistent( mConfig.getBoolean("SkipIfInConsistent", false)); + // set serial number update task to run every 10 minutes + mCertRepot.setSerialNumberUpdateInterval( + mRequestQueue.getRequestRepository(), + mConfig.getInteger("serialNumberUpdateInterval", 10 * 60)); + mService.init(config.getSubStore("connector")); initMiscellaneousListeners(); |