This article describes how to upgrade Smart ID Identity Manager from 23.04.9 to 23.04.10.
- An older release of Smart ID Identity Manager is already installed.
This instruction is only relevant if the following two points are true:
- Your Identity Manager is processing CRLs, either using Identity Manager's CRL push REST endpoint, or the "Cert: Update Certificate State from CRL" task.
- In Identity Manager Operator>Admin>Configure system properties>CA Recovation Reason Mapping, the mapping for "Reason not specified" is not "inactive".
When processing a CRL, when no revocation reason extension was present in the CRL, the state of the certificate in Identity Manager was set to "inactive". The correct value would have been the value configured in
Identity Manager Operator>Admin>Configure system properties>CA Recovation Reason Mapping for the key "Reason not specified".
After upgrading, make sure that a valid state is mapped for "Reason not specified" in the system properties and that transitions to this state are enabled.
Furthermore, when a CRL is processed that contains certificates that have been processed in a previous run, Identity Manager will now move their state to the correct value. For this to happen you need to allow a transition from "inactive" to the value mapped to "Reason not specified". Then let Identity Manager process the CRLs again. Once the CRLs have been processed, the certificates will have the correct state in Identity Manager and this transition can be removed again.