|Applies To||RSA Key Manager Server 2.1.1|
Microsoft 2003 Server SP1
RSA Key Manager C Client
|Issue||?KMClient: Error getting key from KMS: Error from server: Access Denied? |
The KMS server is returning the following error:
?KMClient: Error getting key from KMS: Error from server: Access Denied?
Running test tool getKey - byKeyClass an the following error was thrown:
Failed to retrieve key after 3 retries
KMClient: Error getting key from KMS: Error from server: Access Denied
GetKey failed: Error code = 4780018
TLSv1 RC4-MD5 CN=Certificate "POST /KMS/rpc/emu HTTP/1.1"
|Cause||The key class on KMS is not configured to auto-generate keys.|
The cipher is not supported on the Key Manager Server.
To check the list of ciphers check the SSLCipherSuite directive in /etc/httpd/conf.d/ssl.conf on the Key.
|Resolution||Verify that the KeyClass exist and that a key has been generated under the KeyClass or auto-generate key has been enabled for testing.|
Validate that the cipher being used is supported. If supported check enableFIPS(by default FIPS is set to true) in the client configuration file. The RC4-MD5 cipher is not FIPS.
|Notes||To change the client certificate to be FIPS check primus solution a58296: How to recreate a PKCS#12 and/or to change PKCS#12 password?|
|Legacy Article ID||a43585|