000012182 - RKM Client: Error 10041 (R_KM_ERROR_PEER_CERTIFICATE)

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3

Article Content

Article Number: 000012182
Applies To: RSA Key Manager Client, RSA Data Protection Manager Client
Issue: RKM Client: Error 10041 (R_KM_ERROR_PEER_CERTIFICATE)
RKM Client returns error 10041 (R_KM_ERROR_PEER_CERTIFICATE)
RKM Java Client throws exception:
Exception in thread "main" com.rsa.kmc.KMException: com.rsa.kmc.w.ai: Client Registration Failed. reason: client.app_name specified in the properties parameter may be is already in use
and a packet capture (tcpdump) or debug output (java -Djavax.net.debug=ssl) shows that the server certificate's Common Name and/or Subject Alternative Name extension does not match the server address in the client properties file.
DPM Token Java Client shows an error such as:
[java] Unable to establish stable server connection to server: localhost:38443,Error:HTTPS hostname wrong: should be <localhost>
 
Cause: The hostname in the server certificate does not match the address in the client config.
Resolution: Ensure that the hostname in the server certificate matches the address in the client config. Check the server certificate's subject distinguished name and Subject Alternative Name extension. To proceed with a server certificate whose hostname does not match the client config, set the "certHostnameVerification" property (or its equivalent for your client) to "false"; the client then no longer checks that the certificate's names match the server address it connects to. The property name depends on the client:
"server.hostname_verify" is the name of the property for the Token C & Java Clients
"validate.hostname" is the name of the property for the Key Java Client
"certHostnameVerification" is the name of the property for the Key C Client
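The certificate check named in the resolution, as an added example (not RSA code): a Python sketch that compares the address from the client config with the names in a server certificate, given in the dict layout of ssl.SSLSocket.getpeercert(). The sample certificate, the host names and the matching rules (exact match, a single left-most wildcard label, CN used only when no DNS SAN is present) are assumptions for illustration and are not taken from the RKM/DPM clients.

```python
import ipaddress

# Constructed sample in the dict layout returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example"),), (("commonName", "dpm01.example.test"),)),
    "subjectAltName": (
        ("DNS", "dpm01.example.test"),
        ("DNS", "*.kms.example.test"),
        ("IP Address", "192.0.2.10"),
    ),
}

def dns_name_matches(pattern, host):
    """Exact match, or '*' standing for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_server_address(cert, address):
    """Return (matches, candidate_names) for the address in the client config."""
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared only with iPAddress SAN entries.
        ips = [v for k, v in san if k == "IP Address"]
        return any(ipaddress.ip_address(v) == ip for v in ips), ips
    names = [v for k, v in san if k == "DNS"]
    if not names:
        # Assumed legacy fallback: use the subject CN only when no DNS SAN exists.
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(dns_name_matches(n, address) for n in names), names

if __name__ == "__main__":
    for addr in ("localhost", "dpm01.example.test", "node1.kms.example.test", "192.0.2.10"):
        ok, names = check_server_address(SAMPLE_CERT, addr)
        print(f"{addr}: {'match' if ok else 'MISMATCH'} against {names}")
```

A mismatch result lists the names the certificate actually presents, which are the values the server address in the client config can be changed to.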
 
Notes: The error is defined in library/include/km_error.h:
/**
 * The server certificate is not OK.
 *
 * @showinitializer
 */
#define R_KM_ERROR_PEER_CERTIFICATE               10041
In RKM C Client 2.7.x, "certHostnameVerification" defaults to false. In DPM C Client 3.1, it was changed to default to true (KMCCLT-523).
 
Legacy Article ID: a59430
