|Applies To||RSA Key Manager Client|
RSA Data Protection Manager Client
|Issue||RKM Client: Error 10041 (R_KM_ERROR_PEER_CERTIFICATE)|
RKM Client returns error 10041 (R_KM_ERROR_PEER_CERTIFICATE)
RKM Java Client throws exception:
Exception in thread "main" com.rsa.kmc.KMException: com.rsa.kmc.w.ai: Client Registration Failed. reason: client.app_name specified in the properties parameter may be is already in use
and packet capture/tcpdump or debug output (java -D javax.net.debug=ssl) shows that the server certificate's Common Name and/or Subject Alternative Name extension does not match the server address in the client properties file.
DPM Token Java Client showsan error such as
[java] Unable to establish stable server connection to server: localhost:38
443,Error:HTTPS hostname wrong: should be <localhost>
|Cause||The hostname in the server certificate does match the address in the client config.|
|Resolution||Ensure that the hostname in the server certificate matches the address in the client config. Check the server certificate's subject distinguished name and subject alt name extension. To proceed with a server certificate where the hostname does not match the client config, set the "certHostnameVerification" property (or equivalent) to "false".|
"server.hostname_verify" is the name of the property for the Token C & Java Clients
"validate.hostname" is the name of the property for the Key Java Client
"certHostnameVerification" is the name of the property for the Key C Client
|Notes||The error is defined in library/include/km_error.h:|
* The server certificate is not OK.
#define R_KM_ERROR_PEER_CERTIFICATE 10041
In RKM C Client 2.7.x, "certHostnameVerification" defaults to false. In DPM C Client 3.1, it was changed to default to true (KMCCLT-523).
|Legacy Article ID||a59430|