KB Article #178789

Import CRL from file

Problem

-- Messages are failing since a certificate cannot be validated

-- The associated CRL is missing in the system

-- "System management" -> "Manage CRLs" -> "CRL usage and retrieval configuration" -> "Require CRLs" is enabled

-- "System management" -> "Manage CRLs" shows the CRL, but "Status" shows an error (e.g. "Could not consume file from server")

-- Trying to manually update the CRL via UI fails as well

-- CRL is present as a file (or can be downloaded by entering the URL into a browser)

-- The CN log might show an error similar to:

Caused by: java.io.IOException: Unable to get input stream for http://crl.comodoca.com/COMODOSHA256OrganizationValidationSecureServerCA.crl: 302 Found
    at com.cyclonecommerce.tradingengine.transport.http.HttpClientBase.getFileInputStream(HttpClientBase.java:1417)
    at com.cyclonecommerce.util.http.HttpInputStreamBuilder.getFileInputStream(HttpInputStreamBuilder.java:114)
    at com.cyclonecommerce.util.http.HttpInputStreamBuilder.getInputStream(HttpInputStreamBuilder.java:78)
    ... 66 more


Resolution

** CRLs can be uploaded to Interchange/B2Bi via "System management" -> "Manage CRLs" -> "Add CRL".

In addition to contacting the CA that maintains the CRL and notifying them about the issue, if the CRL can be obtained as a file by other means, the following steps can be used to import the CRL from that file.


  1. Deploy the current CRL file onto the server
  2. Log into the UI and go to "System management" -> "Manage CRLs" -> "Add CRL"
    1. As the URL, enter a "file:///" URL pointing to the file on the server.
      • For Linux/Unix use:
        file:///path/to/file.crl
      • For Windows use:
        file:///c:/path/to/file.crl
    2. Choose to "update now" and verify that the status of the CRL is "success".
    3. Change the URL to the correct URL of the CRL
    4. Resend/Reprocess failed files
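
Before deploying the file in step 1, it is worth confirming that it really is a CRL and is still current: a file saved from a browser can turn out to be the redirect or error page, and a CRL past its nextUpdate lacks any revocations issued since. The check below is an added example, not part of Interchange/B2Bi; it uses only the Python standard library, its function names and sample bytes are constructed for illustration, and it does not verify the CRL signature.

```python
import base64
from datetime import datetime, timezone

def _tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length: next n bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def crl_validity(data):
    """Return (thisUpdate, nextUpdate or None) from a DER- or PEM-encoded CRL."""
    if data.lstrip().startswith(b"-----BEGIN X509 CRL-----"):
        b64 = b"".join(l.strip() for l in data.splitlines() if b"-----" not in l)
        data = base64.b64decode(b64)
    if data[:1] != b"\x30":                  # e.g. a saved HTML or redirect page
        raise ValueError("not a DER SEQUENCE, so not a CRL")
    _, cert_list, _ = _tlv(data, 0)          # CertificateList
    _, tbs, _ = _tlv(cert_list, 0)           # TBSCertList
    times, pos = [], 0
    while pos < len(tbs):                    # only the two update fields are Time-typed here
        tag, val, pos = _tlv(tbs, pos)
        if tag in (0x17, 0x18):              # UTCTime / GeneralizedTime
            fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
            stamp = datetime.strptime(val.decode("ascii"), fmt)
            times.append(stamp.replace(tzinfo=timezone.utc))
    if not times:
        raise ValueError("no thisUpdate field, so not a CRL")
    return times[0], (times[1] if len(times) > 1 else None)

def precheck(data, now):
    """Classify CRL file contents before the file is deployed for import."""
    try:
        this_update, next_update = crl_validity(data)
    except (ValueError, IndexError) as exc:
        return f"reject: {exc}"
    if next_update is not None and next_update <= now:
        return f"reject: stale, nextUpdate was {next_update:%Y-%m-%d}"
    if this_update > now:
        return "reject: thisUpdate is in the future"
    return "ok"

# Constructed sample, not a real CA's CRL: empty issuer, no entries, dummy signature.
SAMPLE_CRL = (b"\x30\x2c" b"\x30\x25" b"\x02\x01\x01" b"\x30\x00\x30\x00"
              b"\x17\x0d240101000000Z" b"\x17\x0d240108000000Z"
              b"\x30\x00" b"\x03\x01\x00")
```

To check a real file, read it in binary mode and pass the contents together with datetime.now(timezone.utc) to precheck().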


** The "302 Found" error above indicates that the CRL is not at the location defined in the associated certificates. The server is attempting to redirect the client to the correct location. Redirection is not supported in Interchange/B2Bi for CRL retrieval, and therefore the redirection attempt and the download attempt of the CRL failed.