000022843 - CAs from KCA not trusted after applying Microsoft Fix Q329115

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022843
Applies ToKeon Certificate Authority 6.0.2
Sun Solaris 2.8
Microsoft Security Update (Q329115)
IssueCAs from KCA not trusted after applying Microsoft Fix Q329115
Customer reported that development certificates are now invalid when using an IE browser with MS update Q329115 applied
Microsoft Fix Q329115 information Link
CauseMS Fix addresses a security issue if the Basic Constraint extension is missing from subordinate C
ResolutionTo correct this issue, resign the subordinate CA and include the Basic Constraint extension. NOTE: The newly signed certificate will need to replace the old certificate. The certificate chain will still be valid with any existing certificates that were issued previously.
Legacy Article IDa14748

Attachments

    Outcomes