000019981 - User's KWP PSD with new certificate not getting uploaded to LDAP

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000019981
Applies ToKeon Web PassPort 1.1.1
Microsoft Internet Information Server (IIS)
Microsoft Windows 2000 Advanced Server SP2
LDAP Server
IssueUser's KWP PSD with new certificate not getting uploaded to LDAP
End user goes through certificate generation process again if virtual card was not loaded properly
End user repeatedly sent to certificate enrollment process
When a user goes to enroll for a certificate they download the plugin and then are set over to OneStep. OneStep works fine and the certificates appear to be created and the pointers are installed in the certificate store. The only difference is the general certificate ca-user it stays and does not go away. Everything appears fine until a user goes to another machine or uninstalls their plugin. When a user goes to another machine downloads the plugin they are sent to OneStep again for enrollment even after doing it on the other system. If a user un-installs the plugin they get an error about there are pending credential updates if you uninstall the plugin these actions will be cancelled. Once you select OK you get a message about the credential update failed.
CauseKeon Web PassPort client using HTTPS to upload PSD to Keon Web PassPort server. SSL server certificate not trusted by client.
The KWP PSD upload was going over http on port 80. Port 80 was being blocked by a FireWall.
ResolutionYour KWP server must be configured to upload PSDs over SSL using https instead of http. To use HTTPS for uploads, the Keon Web PassPort server SSL certificate must be trusted by the client system. For more information, see the solution titled How to install Root CA certificate into Internet Explorer.

For KWP 1.1 release, please contact RSA Customer Support for Hot Fix tst00026194.

For KWP 1.1.1 release, to enable upload over https, follow these steps:

1.   Shut down your Web server.

2.   Edit the RSAKWPP.ini file and add the line:

    SecureUpload=true  

    in the category [KWA-Trust-List]
    
3.   Restart your Web server.
Legacy Article IDa13602

Attachments

    Outcomes