I'm attempting to configure an instance of the standalone OCSP Manager and I'm having an issue with it loading the active set of DoD CAs/CRLs. I'm using the LDAP store and have the 17 active CAs/CRLs (Root 2, ID and Email 25-32) added in the configuration.
I loaded the directory server (389 ds) with a java program so I know all entries are configured exactly the same with caCertificate;binary and certificateRevocationList;binary attributes for each. While loading, In the debug logs I see "Started CRL Update"
for all 17 but then I'll only see 13 finish. I see increased CPU usage (basically 100%) for several minutes after starting the service until the 14th CRL is processed when the machine goes back to idle and it just seems to stop processing the remaining 3
large CRLs. The problem CRLs are understandably the 4 largest at 27.6Mb (this one loads about 4 min 45 seconds after startup), 30.6Mb, 29.5Mb, 33.5Mb. The virtual machine I'm using has 4 cores and 8GB of memory (originally 4, but increasing to 8 didn't seem
to help). I see nothing in the system or transaction logs to indicate what the problem is either. The rpm version of the pki-ocsp package is 9.0.15-1.
Thanks,
Dave