I'm running MQ 5.3 on a Solaris system using SSL channels, and am using LDAP to check the certificates against CRLs.

According to the Security manual, on Unix systems MQ will cache the CRL data that it retrieves via an LDAP lookup for 12 hours, and refer to the cached copy (if there is one) for subsequent SSL channel connections.

When running a trace on my server and connecting via a client application every few minutes, I notice that every time I connect the queue manager is sending LDAP queries to the LDAP server and receiving new copies of the CRL data in response. The client connects successfully each time, but I had assumed that it would only send out an LDAP query for the first one. I have checked to make sure that the "Next Update" field on the CRL is in the future, which it is.

Does MQ 5.3 not cache the data, or is there a setting somewhere that I am missing to turn this feature on? The Security manual does not mention a separate setting for caching the CRL, so I had assumed it was automatic. Is there a bug regarding this that we need to be running a certain CSD level to correct?


Thanks for any help.