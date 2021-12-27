We are running Horizon 8 Connection Servers and have enabled certificate revocation checking in the locked.properties file. What we are seeing, and it may be unrelated, is that after a period of time the Connection Servers run into a OutOfMemory: JAVA heap space error. We end up having to reboot the server to clear the error as it prevents customer access to VM sessions and admin session on the Web Console (basically kills authentication). We have a SR open, but we can't send the hprof files (security won't allow it). We have looked at the memory dumps and our tool shows the possible memory leaks as x509CRL (various org.bouncycastle.asn1.DERS* threads) and also mentions certificate revocation thread/attempts. While we are working with VMware Engineers, we want to test setting the revocation CRL URL, in the locked.properties, to a local file. However, our smart cards/customer tokens are cut from multiple Root CAs so we have multiple CRL URLs to check. We can't find any mention of being able to define multiple URLs using the locked.properties, so we have it currently set (default) to use the smart card/token certificate CRL information (not local to our site but reachable).

SOFTWARE ・ 1 DAY AGO