|Applies To||Sun Solaris 2.8|
Keon Web PassPort 1.1.1
Keon Certificate Authority OneStep 6.0
Keon Web PassPort - OneStep enrollment
|Issue||No email in certificate mail attribute which KCA needs for renewal notices|
KCA uses the email attribute to send email renewal notices through the renewal template. Web Passport OneStep Plugin puts the email in the SubjectAltName certificate extension.
|Resolution||The fix for this is to set BOTH the KCSOSD_EMAIL_ALTNAME_MAP and KCSOSD_EMAIL_DN_MAP attributes in the "[CA-Enrollment]" section to "mail" in both the KWP WebPassPortOS.ini & RSAKWPP.ini files.|
NOTE: This will only work with Keon OneStep 6.0 (KCA 6.0). Keon OneStep 5.7 (KCA 5.7) would only put email addresses into the SubjectAltName:rfc822Name extension (through KCSOSD_EMAIL), not the "email-address" attribute of the certificate.
|Legacy Article ID||a7158|