000025911 - Web page cannot be accessed when renewing a certificate using Keon Certificate Authority

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2

Article Content

Article Number: 000025911

Applies To:
Keon Registration Authority 6.5.1
Keon Certificate Authority 6.5.1
Sun Solaris 2.9

Issue: Web page cannot be accessed when renewing a certificate using Keon Certificate Authority
The Registration Authority renewal server is accessible from the Internet at https://cert.acme.com:80/, which is then redirected to the internal hostname on port 448. When a user clicks the "Renew certificate" button to renew an end entity client certificate, the user is redirected to the internal hostname instead of cert.acme.com.
The "Renew certificate" button is presented by the KRA to end users and internal users to renew client SSL certificates.

CA & RA <--> BIG IP F5 <-- end user
                    |
             internal user

+ internal user works fine for renew certificate
  - direct URL link uses FQDN and is seen in address location of IE
  - using external URL used by end users works fine for an internal user

+ end user does not show a redirect after clicking the renew certificate button

Direct URL = http://pprca1.acme.com:448

External URL = https://cert.acme.com:80

BIG IP F5 is doing the mapping of the URL

Resolution: To change the hostname used during renewal, follow these steps:

1. Make a backup copy of the following file:

    <KCA/KRA-install_dir>\WebServer\conf\httpd.conf
 
2. Using a text editor, update the httpd.conf file as follows:

  - Find the renewal server virtual host settings by searching for "Renewal"

  - Within the renewal server virtual host block, change ServerName to the external hostname on the following line:

    ServerName cert.acme.com
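
An added check for step 2, not part of the RSA article or product: this Python script parses an httpd.conf, finds the virtual host block that mentions "Renewal", and reports a ServerName that is missing or is not the external hostname. The sample configuration is constructed; its comment text and VirtualHost addresses are assumptions, as are the function names.

```python
import re

# Constructed sample, not a real KCA/KRA httpd.conf. The comment text and the
# <VirtualHost> addresses are assumptions; the hostnames come from the article.
SAMPLE_CONF = """\
<VirtualHost _default_:443>
    ServerName pprca1.acme.com
</VirtualHost>
# Renewal Server
<VirtualHost _default_:448>
    ServerName pprca1.acme.com:448
</VirtualHost>
"""

def parse_vhosts(conf_text):
    """Return one dict per <VirtualHost> block: address, ServerName, renewal flag."""
    vhosts, comments, current = [], [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        opening = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opening:
            # Comments directly above the block count as part of it for the search.
            current = {"address": opening.group(1).strip(), "server_name": None,
                       "text": "\n".join(comments)}
            comments = []
        elif re.match(r"</VirtualHost\s*>", line, re.I) and current is not None:
            current["renewal"] = "renewal" in current.pop("text").lower()
            vhosts.append(current)
            current = None
        elif current is not None:
            current["text"] += "\n" + line
            directive = re.match(r"ServerName\s+(\S+)", line, re.I)
            if directive:
                current["server_name"] = directive.group(1)
        else:  # outside a block: keep only the comment run directly above the next one
            comments = comments + [line] if line.startswith("#") else []
    return vhosts

def host_of(server_name):
    """Strip optional scheme and port from a ServerName value; lower-case it."""
    return re.sub(r"^[a-z]+://", "", (server_name or "").lower()).split(":")[0]

def renewal_mismatches(conf_text, external_host):
    """Renewal virtual hosts whose ServerName is missing or not the external host."""
    return [(v["address"], v["server_name"]) for v in parse_vhosts(conf_text)
            if v["renewal"] and host_of(v["server_name"]) != external_host.lower()]

if __name__ == "__main__":
    print(renewal_mismatches(SAMPLE_CONF, "cert.acme.com"))
```

To check a live installation, pass the contents of the httpd.conf from step 1 instead of SAMPLE_CONF; an empty list means every renewal virtual host already uses the external hostname.
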

Workaround: During the renewal process, when a user clicks to renew their certificate, the KCA redirects the user to the enrollment port (443) to pick up the certificate. During this step, the internal hostname is used.

Legacy Article ID: a30696
