000026030 - Unable to issue valid vettor certificate for RSA Registration Manager

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000026030
Applies ToRSA Registration Manager 6.6
Sun Solaris 2.8
IssueUnable to issue valid vettor certificate for RSA Registration Manager
RSA Registration Manager installation's Admin certificate can access the Administration console, but new Vettors can not
New Vettors not being prompted for certificate to access Registration Manager Admin console
CauseOnly SSL certificate profiles was configured on jurisdiction used by the Registration Manager. These certificates could not be used for SSL client authentication.
ResolutionBefore issuing the RM Vettor/Admin certificate, disable profile enforcement on jurisdiction and have "Vettor can override" enabled. Issue Vettor/Admin certificate with profile "no extensions" selected.
WorkaroundTarget jurisdiction configured specifically for SSL Server certificates with "Vettor can override" disabled and enforce profile enabled.
NotesSolution Keon Registration Authority administrator or vettor gets V3 certificate instead of the V1 also covers this issue
Legacy Article IDa32556