You are here

Find problems if CRL-auto-fetch functionality doesn't work as expected

Be sure that the configured parameters CRL_URL[n] are all reachable from your Airlock. You may need to configure a route for the connection. To test that the network settings are correct, do the following:

  • ssh to your Airlock
  • Try to connect to all your configured URLs with the tool curl, e.g.
    • root@airlock # curl -k https://bali.ergon.ch/testsuiteCA.crl

Setup Cron

Airlock 5.0

Please refer to article "Automatic update of CRLs" chapter "Enable Auto-Fetching Functionality"

Airlock 4.2

The cronjob which calls the fetch script is disabled by default. Assure that you enabled it correctly in the crontab:

  • ssh to your Airlock
  • Edit the crontab by executing:
    • root@airlock # crontab -e
  • Look for the line containing crl_fetch.sh and ensure that this line is not commented out. You may adapt the execution times.
  • Don't forget to activate your changes after saving:
    • root@airlock # crontab -l | crontab

Debug

If you still encounter problems with the CRL-auto-fetch functionality, or see error-messages with ID m:SY-CRLG in the LogViewer, we suggest the following steps to debug your setup:

Airlock 5.0

  • ssh to your Airlock
  • Edit the file /opt/airlock/custom-settings/crl/autoupdate/crl_fetch.cfg
    • Add the line DEBUG=1 or DEBUG=2 - this enables debug/trace output.
  • Execute manually the CRL fetch script on console:
    • root@airlock # /opt/airlock/base/crl/crl-fetch.sh
  • Analyze the output on the console

Airlock 4.2

  • ssh to your Airlock
  • Edit the file /airlock/crl/autoupdate/crl_fetch.cfg
    • Add the line DEBUG=1 or DEBUG=2 - this enables debug/trace output.
  • Execute manually the CRL fetch script on console:
    • root@airlock # /opt/slt/ses/system/crl/crl_fetch.sh
  • Analyze the output on the console

If you can't solve the problem, don't hesitate to contact Airlock Support. Please attach your crl_fetch.cfg, the Airlock configuration, the result of a search in LogViewer with the filter m:SY-CRLG and the debug output of the last step above.

Knowledge Base Categories: