000022240 - Having a problem converting Keon Certificate Authority xml files to comma separated values

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017

Article Content

Article Number: 000022240
Applies To: Keon Registration Authority 6.5.1
Keon Certificate Authority 6.5.1
Microsoft Windows 2000 Advanced Server SP3
Issue: Having a problem converting Keon Certificate Authority xml files to comma separated values

When using the log export utility of KCA (xslogmgr export -csv -out test.txt ../logs/xslog_20050103_1.xml), the customer finds that certain data is left out, possibly when the data is beyond a certain length.

The following data is from a CSV conversion of one of their logs. A new line has been inserted after each comma to make it easier to read.

xslog_20050103_1.xml:9,
RSA Keon CA 6.5.1 build 208 (Secure Directory),
COMPLETION,
01/03/2005,
12:55:00,
5679e86b9c0f29dce84fa3070dcc9684, 10.172.46.68,
Signed with
FTdv1Y8s2A4B2dNh/Q6txHSubUQIFS08jiZc8eTZccDhKMXHAnl5P/yRq8G5D8h6PnMStGCd+tmCGvd
dWg8cu2mswUDb3VUr45ML2Zoe0/3g2xc7VQlGPR2aj950tlQMX7VQ/Du8T5QZ5GbLeKC1+b3Pm3Okl4
GgO/QlzI4uQ64=

xslog_20050103_1.xml:10,
RSA Keon CA 6.5.1 build 208 (Administration),
ATTEMPT,
Apply jurisdiction changes:certificate presented:
md5=9193fea2626f31b4cfcc5e98ab34a485,
01/03/2005,
14:02:33,
96ba8a9e3129fc4e480ffed378f7c978, 10.172.46.68,
Signed with
FTdv1Y8s2A4B2dNcc/Q6txHSubUQIFS08jiZc8eTZtTDhKMXHAnl5P/yRq8G5D8h6PnMStGCd+tmCGvd
dWg8cu2mswUDb3VUr45ML2Zoe0/3g2xc7VQlGPR2aj950tlQMX7VQ/Du8T5QZ5GbLeKC1+b3Pm3Okl4
GgO/QlzI4uQ64=

xslog_20050103_1.xml:11,
RSA Keon CA 6.5.1 build 208 (Administration),
COMPLETION,
01/03/2005,
14:02:34, 96ba8a9e3129fc4e480ffed378f7c978, 10.172.46.68,
Signed with
FTdv1Y8s2A4B2dcc/Q6txHSubUQIFS08jiZc8eTZtTDhKMXHAnl5P/yRq8G5D8h6PnMStGCd+tmCGvd
dWg8cu2mswUDb3VUr45ML2Zoe0/3g2xc7VQlGPR2aj950tlQMX7VQ/Du8T5QZ5GbLeKC1+b3Pm3Okl4
GgO/QlzI4uQ64=

The first is a certificate generation and the second is a jurisdiction modification. The third is the actual jurisdiction changes. If they translate the same section of the log file with the Amber log export program, they get the following:

  LOG_NUMBER: xslog_20050103_1.xml:9
  LOG_SOURCE: RSA Keon CA 6.5.1 build 208 (Secure Directory)
  EVENT_CONDITION: COMPLETION
  LOG_DATA: Certificate signing: succeeded; certDN: CN=Test27
USER27,OU=ACME Association,O=ACME,UID=CE000270; md5:
d7bfefb44f44f64f7a23352eed923dbe; issuing CA md5:
5f081803d2107b508b634b538c1f0a24; certificate presented:
md5=6950cc140513b47fa71f9fcab9828eb2; Certificate (PEM) :
MIIDwzccAyygAwIBAgIQMPJzwnxRvWgy+eU1Xk+oQjANBgkqhkiG9w0BAQUFADBcMQ0wCwYDVQQKEwR
WSVNBMS8wLQYDVQQLEyZWaXNhIEludGVybmF0aW9uYWwgU2VydmljZSBBc3NvY2lhdGlvbjEaMBgGA1
UEAxMRQ0VNRUFUZXN0IFZpc2EgQ0EwHhcNMDUwMTAzMjA1NTAwWhcNMDYwMTAzMjA1NTAwWjByMRgwF
gYKCZImiZPyLGQBARMIQ0UwMDAyNzAxDTALBgNVBAoTBFZJU0ExLzAtBgNVBAsTJlZpc2EgSW50ZXJu
YXRpb25hbCBTZXJ2aWNlIEFzc29jaWF0aW9uMRYwFAYDVQQDEw1UZXN0MjcgVVNFUjI3MFwwDQYJKoZ
IhvcNAQEBBQADSwAwSAJBAO4NFxaBeJUq7nVbus8ZPxsGC7jxYYJbvyUU3ipxUcV4vmWzj/H40QKiQK
VrZs0/+XqGKKj9YX7EVhQ5zN3a+1MCAwEAAaOCAbIwggGuMB8GA1UdIwQYMBaAFENaLtn6+2/etY9xO
JdUBMzDwb/5MA8GA1UdEwEB/wQFMAMCAQAwZQYDVR0gBF4wXDBaBgQqAwQFMFIwFQYIKwYBBQUHAgEW
CTEuMi4zLjQuNTA5BggrBgEFBQcCAjAtMBgWEVJlcGxhY2UgVGhpcyBUZXh0MAMCAQEaEVJlcGxhY2U
gVGhpcyBUZXh0MIHFBgNVHR8Egb0wgbowLqAsoCqGKGh0dHA6Ly9FbnJvbGwudmlzYWNhLmNvbS9DRU
1FQVZpc2FDQS5jcmwwgYeggYSggYGGf2xkYXA6Ly9FbnJvbGwudmlzYWNhLmNvbToxMzM4OS9jbj1DR
U1FQVRlc3QgVmlzYSBDQSxvPVZJU0Esb3U9VmlzYSBJbnRlcm5hdGlvbmFsIFNlcnZpY2UgQXNzb2Np
YXRpb24/IGNlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3QwHAYDVR0RBBUwE4ERdGxhYm91bnRAdmlzYS5
jb20wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBR5VcEVjNXbzqq6sTTihKyEhzdP6zANBgkqhkiG9w
0BAQUFAAOBgQA1UCUB/oRYy4KI+myUqkQF9Q8AI8oqgLkoW9MAycRBwJgY/FdmHVJB108WbtPa3qmBm
y03h3y0DEu/M+KCh83q+PTbgEg3dVjLqBt7CIzUY6e+K9Nv3PJ0OFOcaBkVsU8Zz7jOVRt15AwIl/4R
pj3jfHfPpcPzSmmbQMb3bD/leg==
  DATE: 01/03/2005
  TIME: 12:55:00
  ID: 5679e86b9c0f29dce84fa3070dba9684
   IP_ADDR: 192.12.46.68

   LOG_NUMBER: xslog_20050103_1.xml:10
  LOG_SOURCE: RSA Keon CA 6.5.1 build 208 (Administration)
  EVENT_CONDITION: ATTEMPT
  LOG_DATA: Apply jurisdiction changes:certificate presented:
md5=9193fea2626f31b4cf7e5e98acc4a485
  DATE: 01/03/2005
  TIME: 14:02:33
  ID: 96ba8a9e3129fc4e480ffed378f7c978
   IP_ADDR: 192.12.46.68
 
   LOG_NUMBER: xslog_20050103_1.xml:11
  LOG_SOURCE: RSA Keon CA 6.5.1 build 208 (Administration)
  EVENT_CONDITION: COMPLETION
  LOG_DATA: Apply jurisdiction changes:certificate presented:
md5=9193fea2626f31b4cf7e5e98abcca485;  Jurisdiction
ID:7817043bc2749c9874ff9acac7e8eccba494ce30, Signer (CA)
MD5:5f081803d2107b508b634b538c1f0a24, Request
Notice:Enabled, Request Notice Subject:Received a Certificate Request - ACME
Test, Request Notice Body:A certificate request was made. Please go to the RSA
Keon CA View Request page to vet the request., Approve Notice:Enabled, Approve
Notice Subject:Certificate Request: Approved - ACME Test, Approve Notice
Body:Your certificate request is approved and a certificate issued., Defer
Notice:Enabled, Defer Notice Subject:Certificate Request: Deferred - ACME
Test, Defer Notice Body:Your certificate request is deferred. You will be
contacted if additional information is needed. Your request will be vetted at a
later date., Refuse Notice:Enabled, Refuse Notice Subject:Certificate Request:
Refused - ACME Test, Refuse Notice Body:Your certificate request is refused
and a certificate will not be issued at this time., Logo
Image:Default Image, Background Image:Default Image, Introductory Title:RSA
Keon CA, Introductory Text:This page is a sample of how you might set up an
Enrollment User Interface in order to allow your end-users to make certificate
requests, download CA certificates, and download other users"
certificates. The RSA Keon CA Enrollment Server is a combination of what some
people might call a Registration Authority, a Certificate Distribution Point,
and an Attribute Repository, all rolled into one., Request Page Title:VISA
ACMETest Region CA, Request Page Text:This template demonstrates how to place
a client certificate request into a CA"s certificate request queue.,
Access to Main Page:Disabled, Access to CA Ops Page:Disabled, Access to Cert
Ops Page:Enabled, Types:CN,OU,O,EA,UID, Labels:Common
Name,Organizational Unit,Organization,E-mail Address,User ID, Default
Values:NONE,ACME  Association,ACME ,NONE,CE00001,
IncludeInCertDN Flags:1,1,1,0,1, Hide Flags:0,0,0,0,1, Editable
Flags:1,0,0,1,1, Required Flags:0,0,0,0,0, Enforce DN Definition:Enabled,
Directory String Encoding:PRINTABLE_WITH_UTF8_STRING,
Profile List:Basic PKIX-Compliant End-Entity/Template/Template/Template/,
Requestor Can Select:Yes, Vettor Can Override:Yes, Enforce Profile:Enabled,
SCEP Profile:Undefined, General Renewal
Policy:Cannot renew at all, Renewal Period:00030000, New Validity Start Date:0,
New Validity Period:0, Validity Period (From Validity Start Date):Undefined,
Validity Offset:Undefined, Publishing Control: Publish
Certificates:On, Publish Cross Certificates:Off, Publish CAs:On, Publish
CRLs:On, End Entity Deletes:Off, Publishing Configuration: Host:10.172.46.71,
Port:13389, Bind DN:cn=Directory Manager, Bind Password:DangerACME, Enable
SSL:Off, SSL Certificate File:Undefined, SSL Key File:Undefined, SSL
Passphrase:Undefined, Create Person Surname from Common Name:On, Base
DN:o=ACME ,ou=ACME Association, Create DN From Certficate
DN:Off, Certificate DN:CN, Create Authority DN From Certficate DN:Off,
Authority DN:CN, DN Mapping:, Use Search to create DN:Off, End Entity
Attributes:UID/, End Entity Class:inetOrgperson, End Entity Certificate
Field:userCertificate, Authority Attributes:CN/, Authority
Class:organizationalUnit, Authority Certificate Field:caCertificate, Authority
CRL Field:certificateRevocationList, Aux End Entity Class:inetOrgperson/,
Create End Entity as:organizationalPerson/person/inetOrgperson/, Create
Authority as:pkiCA/, Local Certificate Publishing:Disabled,
SCEP Autovetting:Disabled, IP Address List:Undefined, FQDN
List:Undefined, Validity Period:365, SCEP Profile:Undefined,
CMP Autovetting:Disabled, MS Exchange/Outlook
Support:Disabled, Set signing and encrypting certificates:Off, Install Outlook
sign button:Off, Install Outlook encrypt button:Off, Set email signing
default:Off, Set email encrypting default:Off, Publishing to Exchange
server:Disabled, Exchange Server version:2000, Exchange Server host:Undefined,
Exchange Server port:389,
  DATE: 01/03/2005
  TIME: 14:02:34
  ID: 96ba8a9e3129fc4e480ffvv378f7c978
  IP_ADDR: 192.12.46.68

The much longer data fields do not appear in the CSV version, while the Amber version has all of the Certificate data and all of the Jurisdiction data.
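The following check is an added example, not part of the original article or of any RSA tool: it scans a CSV export for records whose LOG_DATA field is absent, as in records 9 and 11 above. It assumes the field order seen in the samples (number, source, condition, LOG_DATA, date, time, ...) and that LOG_DATA is unquoted; the function names and the sample text are constructed for illustration.

```python
import re

DATE_RE = re.compile(r"\d{2}/\d{2}/\d{4}")
TIME_RE = re.compile(r"\d{2}:\d{2}:\d{2}")

# Constructed sample: records 9-11 as shown above, one record per line, with the
# signature replaced by a placeholder. Record 12 is invented to exercise
# LOG_DATA that itself contains commas.
SAMPLE_CSV = """\
xslog_20050103_1.xml:9,RSA Keon CA 6.5.1 build 208 (Secure Directory),COMPLETION,01/03/2005,12:55:00,5679e86b9c0f29dce84fa3070dcc9684, 10.172.46.68,Signed with SIG_PLACEHOLDER
xslog_20050103_1.xml:10,RSA Keon CA 6.5.1 build 208 (Administration),ATTEMPT,Apply jurisdiction changes:certificate presented: md5=9193fea2626f31b4cfcc5e98ab34a485,01/03/2005,14:02:33,96ba8a9e3129fc4e480ffed378f7c978, 10.172.46.68,Signed with SIG_PLACEHOLDER
xslog_20050103_1.xml:11,RSA Keon CA 6.5.1 build 208 (Administration),COMPLETION,01/03/2005,14:02:34,96ba8a9e3129fc4e480ffed378f7c978, 10.172.46.68,Signed with SIG_PLACEHOLDER
xslog_20050103_1.xml:12,RSA Keon CA 6.5.1 build 208 (Administration),COMPLETION,Types:CN,OU,O,EA,UID,01/03/2005,14:05:00,00000000000000000000000000000000, 10.172.46.68,Signed with SIG_PLACEHOLDER
"""

def parse_record(line):
    """Split one exported line into (log_number, log_data or None)."""
    fields = [f.strip() for f in line.split(",")]
    # Assumed layout: number, source, condition, [LOG_DATA...], date, time, ...
    # LOG_DATA is unquoted and may contain commas, so anchor on the first
    # date field that is immediately followed by a time field.
    for i in range(3, len(fields) - 1):
        if DATE_RE.fullmatch(fields[i]) and TIME_RE.fullmatch(fields[i + 1]):
            data = ",".join(fields[3:i])
            return fields[0], (data or None)
    raise ValueError(f"no DATE,TIME pair found in record {fields[0]!r}")

def records_missing_log_data(csv_text):
    """Return the LOG_NUMBER of every record exported without LOG_DATA."""
    missing = []
    for line in csv_text.splitlines():
        if line.strip():
            log_number, log_data = parse_record(line)
            if log_data is None:
                missing.append(log_number)
    return missing

if __name__ == "__main__":
    for number in records_missing_log_data(SAMPLE_CSV):
        print("LOG_DATA absent, re-export or check the XML source:", number)
```

A record flagged here should be compared against the original XML log or another export before the CSV is relied on as an audit record.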

Cause: Large data blocks were being truncated by a hardcoded file read buffer. Increasing the buffer size fixes the issue.
Resolution: This issue is resolved in RSA Certificate Manager 6.6 (new name for Keon Certificate Authority version 6.6) and higher.
Legacy Article ID: a27621
