|Applies To||Keon Certificate Authority 6.5.1|
Sun Solaris 2.9
Certificate Management Protocol (CMP) client
|Issue||Cannot download CMP message signer "CN=<hostname>,CN=RSA Keon Certificate Authority - Protocol Signer" from KCA to use with custom CMP client|
|Cause||KCA's CMP message signer is created on-the-fly, so it?s not readily available for export to the client. Therefore, the CMP client cannot verify the CMP response messages.|
|Resolution||This issue has been resolved in a hot fix for KCA 6.5.1 (build 227). Contact RSA Security Customer Support to obtain KCA 6.5.1 build 227 or newer.|
With the hot fix, CMP server will now use its SSL key to sign the response. The SSL key is the key that CMP server used to talk with KCA. Its corresponding certificate is signed by KCA?s system CA. You can find the certificate and the key at the KCA_INSTALL_DIR\CmpServer\ssl\ folder.
|Legacy Article ID||a21144|