000023066 - An error '[XrcXUDAUNABLE]: unable to contact directory server' occurs when downloading encryption certificate

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000023066

Applies To: RSA Certificate Manager, RSA Registration Manager, RSA Key Recovery Module

Issue: An error "[XrcXUDAUNABLE]: unable to contact directory server" occurs when downloading an encryption certificate.

The end-user browser shows the following error:

     An error ([XrcXUDAUNABLE]: unable to contact directory server) was encountered in generating your encryption certificate. If the cause of the problem is not evident, you will need to contact the administrator of this system to proceed further.

Unable to download the encryption certificate from Registration Manager. The signing certificate can be downloaded.
Both the encryption and signing certificates are generated on the Certificate Manager and Registration Manager.
The attribute krsCertificate of the signing certificate is blank.

Cause: LDAP ACL rules were improperly applied on the Certificate Manager.

The MD5 of the RM admin certificate was applied to the rule:
     access to filter="objectclass=xuda_certificate" attrs=pem_rsapriv

instead of:
     access to filter="objectclass=xuda_certificate"

Resolution: When you modify the ACL rules on the Certificate Manager, make sure that you modify the block that looks EXACTLY like this (the rule without attrs=pem_rsapriv):

     access to filter="objectclass=xuda_certificate"

Legacy Article ID: a31801
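
The following check is an added example, not code from RSA or from the original article. It reports which "access to" block in a copy of the ACL rules contains a given certificate MD5, so the misplacement described under Cause can be spotted before the change is applied. The function names, the sample MD5 and the shape of the "by" lines are assumptions made for illustration.

```python
# Added example: checks which "access to" block carries a certificate MD5.
# Assumptions: each rule starts with a line beginning "access to"; its
# following non-blank, non-comment lines belong to it; the MD5 is a literal.

# The exact rule header the article says must be modified.
EXPECTED = 'access to filter="objectclass=xuda_certificate"'

def acl_blocks(text):
    """Split ACL text into [header, body_lines] pairs, one per rule."""
    blocks = []
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("access to"):
            # Collapse whitespace so the header can be compared exactly.
            blocks.append([" ".join(stripped.split()), []])
        elif blocks and stripped and not stripped.startswith("#"):
            blocks[-1][1].append(stripped)
    return blocks

def check_md5_placement(text, md5):
    """Return (ok, misplaced): ok is True when md5 is in the EXPECTED block;
    misplaced lists the headers of any other blocks that contain it."""
    needle = md5.lower()
    ok, misplaced = False, []
    for header, body in acl_blocks(text):
        if any(needle in entry.lower() for entry in body):
            if header == EXPECTED:
                ok = True
            else:
                misplaced.append(header)
    return ok, misplaced

# Constructed sample data: the MD5 and the shape of the "by" lines are
# placeholders, not values or syntax taken from the product.
SAMPLE_MD5 = "00112233445566778899aabbccddeeff"
BROKEN = f'''
access to filter="objectclass=xuda_certificate" attrs=pem_rsapriv
    by md5="{SAMPLE_MD5}" write

access to filter="objectclass=xuda_certificate"
    by * read
'''
FIXED = f'''
access to filter="objectclass=xuda_certificate" attrs=pem_rsapriv
    by * none

access to filter="objectclass=xuda_certificate"
    by md5="{SAMPLE_MD5}" write
'''

if __name__ == "__main__":
    for name, acl in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, check_md5_placement(acl, SAMPLE_MD5))
```

A result of (False, [...]) with the attrs=pem_rsapriv header in the list corresponds to the condition described under Cause.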
