000026018 - KCA Certificate signing failure  XrcNOTFOUND

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000026018
Applies ToKeon Certificate Authority 6.5.1
Keon Certificate Authority 6.5.1 API
IssueKCA Certificate signing failure, XrcNOTFOUND
Certificate signing: failed; [XrcNOTFOUND: unable to locate requested member or object]; certificate presented: md5=aa3b5a57ab5f368cee4d79d338ec237d]
ResolutionTo use "Enforce Profile Definition" on "Extension Profiles", the PKCS#10 request must match the certificate profile being used. Otherwise the request will be rejected. If "Enforce Profile Definition" is disabled, there will be no issues.
Before you approve the certificate, reconfigure the jurisdiction to disable profile checking. This can be done using the following steps:

Disable the "Enforce Profile Definition" option in the Jurisdiction Configuration as follows:

1. Go to the "CA Operations" workbench in the KCA Administrative Web interface

2. On the left-hand pane, select the CA to be used to issue the user certificates from the cascading list

3. On the right-hand pane under the "Jurisdiction Configuration:" heading, select the Jurisdiction to be configured and click "Configure"

4. Under the "Sections" heading, select "Extension Profiles"

5. Look for the section titled "General Profile Policy:"

6. Disable (uncheck) the "Enforce Profile Definition" option

7. Finally, click on "Save" or "Save and Exit"
WorkaroundChanges have been made to the Jurisdiction for the CA, specifically "Enforce Profile Definition" on "Extension Profiles"
Legacy Article IDa22237