000011628 - Unable to renew certificate from web enrollment server

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000011628
Applies ToRSA Certificate Manager 6.9 build 554
IssueUnable to renew certificate from web enrollment server.

When trying to browse to the web enrollment server page there is the general Internet Explorer error:

"The Page Cannot Be Displayed"
The renewal-cipher.log shows:

[Mon Oct 07 10:03:36 2013] [error] [client 192.168.170.154] Certificate Verification: Error (10): certificate has expired
[Mon Oct 07 10:03:36 2013] [debug] ssl_engine_kernel.c(1896): SSL-C: Write: SSLv3 read client certificate B
[Mon Oct 07 10:03:36 2013] [debug] ssl_engine_kernel.c(1915): SSL-C: Exit: error in SSLv3 read client certificate B
[Mon Oct 07 10:03:36 2013] [debug] ssl_engine_kernel.c(1915): SSL-C: Exit: error in SSLv3 read client certificate B
[Mon Oct 07 10:03:36 2013] [info] [client 192.168.170.154] SSL library error 1 in handshake (server test.xxxxxx.com:1448)
[Mon Oct 07 10:03:36 2013] [info] SSL Library Error: 336105650 error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
[Mon Oct 07 10:03:36 2013] [info] [client 192.168.170.154] Connection closed to child 29 with abortive shutdown (server test.xxxxxx.com:1448)
ResolutionTo resolve:

1) Open the file <install-dir>/WebServer/httpd.conf using a text editor
2) Under "RSA Renewal Server configuration" virtual host section, search for "SSLIgnoreExpiryCheck" directive
3) Set the value of SSLIgnoreExpiryCheck to "on" as follows:
    SSLIgnoreExpiryCheck on
4) Restart RCM services
Legacy Article IDa63504

Attachments

    Outcomes