|Applies To||Keon Certificate Authority 6.5.1|
Sun Solaris 2.8
|Issue||Upgrade from Keon Certificate Authority 6.5.1 to Keon CA 6.5.1 (same version) appears successful but upgraded Keon CA does not work properly|
The upgraded Keon CA seems to start up fine but CRLs (Certificate Revocation Lists) can only be generated for some of the CAs in the installation. The CRL generation was attempted from the Keon CA administrative interface -> CA Operations workbench -> view a CA -> clicked 'Generate Complete CRL' button.
The Keon CA installation prior to the upgrade worked fine and CRLs could be generated for all CAs
|Cause||Upgrade.ldif file in package.tar, generated during the first phase of the upgrade, contained invalid/garbled values for the attribute 'keyid' for 'xuda_ca' objects that belonged to the non-working CAs. The 'xuda_ca' objects for the working CAs, in the upgraded Keon CA, did not exhibit such problem.|
A bug in one of the binaries, xu_ldbmcat, in the Keon CA 6.5.1 upgrader causes this issue when the db contains data in a certain format.
|Resolution||This issue has been fixed and an updated xu_ldbmcat binary (part of the Keon CA 6.5.1 upgrader) will be made available in the next hot fix (possibly build256 or later) for Keon CA 6.5.1. This issue does not exist in RSA Certificate Manager 6.6 or later versions. Contact RSA Customer Support for latest status on the fix.|
|Workaround||Keon CA was upgraded following instructions in the RSA Keon CA 6.5.1 Installation Guide|
|Legacy Article ID||a31668|