000018849 - No email in certificate mail attribute which KCA needs for renewal notices

Document created by RSA Customer Support Employee on Jun 15, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000018849

Applies To:
    Sun Solaris 2.8
    Keon Web PassPort 1.1.1
    Keon Certificate Authority OneStep 6.0
    Keon Web PassPort - OneStep enrollment

Issue: No email in certificate mail attribute which KCA needs for renewal notices
KCA uses the email attribute to send renewal notices by email through the renewal template, but the Web PassPort OneStep Plugin puts the email address in the SubjectAltName certificate extension.

Resolution: Set BOTH the KCSOSD_EMAIL_ALTNAME_MAP and KCSOSD_EMAIL_DN_MAP attributes to "mail" in the "[CA-Enrollment]" section of both the KWP WebPassPortOS.ini and RSAKWPP.ini files.

NOTE: This will only work with Keon OneStep 6.0 (KCA 6.0).  Keon OneStep 5.7 (KCA 5.7) would only put email addresses into the SubjectAltName:rfc822Name extension (through KCSOSD_EMAIL), not the "email-address" attribute of the certificate.

Legacy Article ID: a7158
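
One way to confirm the Resolution was applied to both files, as an added example that is not RSA's code: a small audit that reports any file where either mapping is missing or not set to "mail". The KEY=value line syntax, the sample file contents and the function names are assumptions made for illustration.

```python
import configparser

SECTION = "CA-Enrollment"
REQUIRED_KEYS = ("KCSOSD_EMAIL_ALTNAME_MAP", "KCSOSD_EMAIL_DN_MAP")
EXPECTED = "mail"

# Constructed sample contents (not real files); KEY=value syntax is assumed.
SAMPLE_FILES = {
    "WebPassPortOS.ini": "[CA-Enrollment]\n"
                         "KCSOSD_EMAIL_ALTNAME_MAP=mail\n"
                         "KCSOSD_EMAIL_DN_MAP=mail\n",
    # Only the SubjectAltName mapping is set here, so the DN mapping is flagged.
    "RSAKWPP.ini": "[CA-Enrollment]\n"
                   "KCSOSD_EMAIL_ALTNAME_MAP=mail\n",
}

def audit_ini(name, text):
    """Return a list of findings for one INI file; an empty list means OK."""
    parser = configparser.ConfigParser(
        strict=False, interpolation=None, allow_no_value=True)
    parser.optionxform = str  # keep key names exactly as written
    try:
        parser.read_string(text, source=name)
    except configparser.Error as exc:
        return [f"{name}: cannot parse ({type(exc).__name__})"]
    if not parser.has_section(SECTION):
        return [f"{name}: no [{SECTION}] section"]
    findings = []
    for key in REQUIRED_KEYS:
        if not parser.has_option(SECTION, key):
            findings.append(f"{name}: {key} not set in [{SECTION}]")
            continue
        # Tolerate surrounding whitespace and double quotes around the value.
        value = (parser.get(SECTION, key) or "").strip().strip('"')
        if value != EXPECTED:
            findings.append(f"{name}: {key} is {value!r}, expected {EXPECTED!r}")
    return findings

def audit_all(files):
    """Audit every file in a {name: text} mapping and collect the findings."""
    findings = []
    for name, text in files.items():
        findings.extend(audit_ini(name, text))
    return findings

if __name__ == "__main__":
    for line in audit_all(SAMPLE_FILES) or ["both files set both mappings"]:
        print(line)
```

To audit a real installation, read the two .ini files from disk and pass their text to audit_all in place of SAMPLE_FILES.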