000011952 - Error 'XCR_RKM error (10040)' on PowerPath side and error 'certificate has expired' in Apache logs on RKM Appliance

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000011952
Applies To: EMC PowerPath 5.3 (Windows 2008 R2)
RSA Key Manager Appliance 2.7.1.x
Issue: Error "XCR_RKM error (10040)" on PowerPath side, and error "certificate has expired" in Apache logs on RKM Appliance
The command "powervt xcrypt -on -dev harddiskX" fails with the error:

XCR_RKM error (10040): Could not authenticate the server certificate with given CA file or problem reading CA file.
C:\Users\jcadmin>powervt xcrypt -on -dev harddiskX

WARNING: This action will destroy data on harddiskX, continue? yes/[no]: y
XCR_RKM error (10040): Could not authenticate the server certificate with given CA file or problem reading CA file.

Apache log file /var/log/httpd/ssl_error_log on RKM Appliance shows:

[Thu Aug 30 10:16:18 2012] [debug] ssl_engine_kernel.c(1169): Certificate Verification: depth: 1, subject: /CN=RSA Key Manager Appliance Demo Root CA - 2011-04-01 10:56:22, issuer: /CN=RSA Key Manager Appliance Demo Root CA - 2011-04-01 10:56:22
[Thu Aug 30 10:16:18 2012] [debug] ssl_engine_kernel.c(1169): Certificate Verification: depth: 0, subject: /CN=hostname, issuer: /CN=RSA Key Manager Appliance Demo Root CA - 2011-04-01 10:56:22
[Thu Aug 30 10:16:18 2012] [error] Certificate Verification: Error (10): certificate has expired
[Thu Aug 30 10:16:18 2012] [debug] ssl_engine_kernel.c(1749): OpenSSL: Write: SSLv3 read client certificate B
[Thu Aug 30 10:16:18 2012] [debug] ssl_engine_kernel.c(1768): OpenSSL: Exit: error in SSLv3 read client certificate B
[Thu Aug 30 10:16:18 2012] [debug] ssl_engine_kernel.c(1768): OpenSSL: Exit: error in SSLv3 read client certificate B
[Thu Aug 30 10:16:18 2012] [info] SSL library error 1 in handshake (server HOSTNAME.DOMAINNAME:443, client XX.XX.XX.XX)
[Thu Aug 30 10:16:18 2012] [info] SSL Library Error: 336105650 error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
[Thu Aug 30 10:16:18 2012] [info] Connection to child 0 closed with abortive shutdown(server HOSTNAME.DOMAINNAME:443, client XX.XX.XX.XX (IP Address)
Cause: The client certificate (in the .p12) on the PowerPath host had expired.
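
The log pattern shown above can be picked out of ssl_error_log automatically. The following is an added example, not part of the original article or of any RSA/EMC tooling: a Python parser that ties each mod_ssl verification error to the certificate logged just before it and to the client address on the handshake line. The sample log is constructed (host names and the address are placeholders) and the function names are hypothetical.

```python
import re

# Constructed sample in the mod_ssl debug format shown in the article (names and IP are placeholders).
SAMPLE_LOG = """\
[Thu Aug 30 10:16:18 2012] [debug] ssl_engine_kernel.c(1169): Certificate Verification: depth: 1, subject: /CN=Example Root CA, issuer: /CN=Example Root CA
[Thu Aug 30 10:16:18 2012] [debug] ssl_engine_kernel.c(1169): Certificate Verification: depth: 0, subject: /CN=pphost01, issuer: /CN=Example Root CA
[Thu Aug 30 10:16:18 2012] [error] Certificate Verification: Error (10): certificate has expired
[Thu Aug 30 10:16:18 2012] [info] SSL library error 1 in handshake (server rkm.example.test:443, client 192.0.2.10)
[Thu Aug 30 10:17:02 2012] [debug] ssl_engine_kernel.c(1169): Certificate Verification: depth: 0, subject: /CN=pphost02, issuer: /CN=Example Root CA
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")
DEPTH = re.compile(r"Certificate Verification: depth: (?P<depth>\d+), subject: (?P<subject>.*?), issuer: (?P<issuer>.*)$")
VERR = re.compile(r"Certificate Verification: Error \((?P<code>\d+)\): (?P<reason>.*)$")
PEER = re.compile(r"SSL library error \d+ in handshake \(server (?P<server>\S+), client (?P<client>[^)\s]+)\)")

def find_cert_failures(log_text):
    """Return one dict per verification error, tied to the certificate being checked."""
    findings, last_cert, pending = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        if (d := DEPTH.search(msg)):
            last_cert = {"depth": int(d["depth"]), "subject": d["subject"], "issuer": d["issuer"]}
        elif (e := VERR.search(msg)):
            # Assumption: the error refers to the certificate logged just before it.
            pending = {"time": m["ts"], "code": int(e["code"]), "reason": e["reason"],
                       "client": None, "server": None, **(last_cert or {})}
            findings.append(pending)
            last_cert = None
        elif pending and (p := PEER.search(msg)):
            # The next handshake-failure line names the peer that presented the certificate.
            pending["server"], pending["client"] = p["server"], p["client"]
            pending = None
    return findings

def expired_client_certs(log_text):
    """Leaf (depth 0) certificates rejected with verify error 10, as in the article's log."""
    return [f for f in find_cert_failures(log_text) if f["code"] == 10 and f.get("depth") == 0]

if __name__ == "__main__":
    for f in expired_client_certs(SAMPLE_LOG):
        print(f"{f['time']}: {f['subject']} from {f['client']} rejected: {f['reason']}")
```

The subject and client address it reports identify which PowerPath host needs a renewed certificate.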
Resolution: Take the following steps to update PKI credentials on the PowerPath host and RKM Appliance:

1. Generate a new certificate for the PowerPath host. (The customer needs to involve their PKI admin for this step.)

2. FTP the updated credentials (the PKCS#12 file) to the PowerPath host.
      On a Windows host, place the files in the following directory:
          C:\Program Files\EMC\RSA\Rkm_Client\config

3. Upload the new client certificate (just the .cer, not the .p12) in the RKM Appliance /KMS console to attach it to the corresponding identity record. (The customer needs to perform this step. To do so, open the /KMS console in a browser, log in as kmsadmin or another super admin, click the Identities tab, click the Identity name in the list that corresponds to the PowerPath host, click the Browse button under the Authentication:Certificates section and point to the .cer certificate file, then, once the file is selected, click the Add button on the /KMS Identity page.)

4. On the PowerPath host, update rkm_init.conf to point to the new .p12 filename.
      On a Windows host, rkm_init.conf is in the following directory:
          C:\Program Files\EMC\RSA\Rkm_Client\config

5. Run the following command on the PowerPath host. When prompted for the PKCS#12 credentials, make sure to provide the correct password (it must be at least 8 characters long):
    ckmadm setup -file "C:\Program Files\EMC\RSA\Rkm_Client\config\rkm_init.conf"

6. Stop and restart the EMC PowerPath RSA Encryption service on the PowerPath Windows host for the configuration changes to take effect.

7. Run the powervt command again to carry out hard disk encryption.
Notes: EMC Primus emc302187
Legacy Article ID: a59490