000025926 - Custom KCA certificate profile extension can be changed by Vettor though set as not editable

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025926
Applies ToKeon Certificate Authority 6.5.1
Sun Solaris 2.8
Microsoft Windows 2000 Server SP4
IssueCustom KCA certificate profile extension can be changed by Vettor though set as not editable
The "editable : false" and "visible : false" parameters of the cRLDistPoints profile extension are not enforced by the GUI
Using custom KCA certificate profile extension to set CRLdp:

{
  name : 'CRL Distribution Points',
  type : 'mandatory',
  autogenerate : false,
  noncritical : {
    def : false,
    editable : false,
    visible : false,
    type : 'mandatory'
  },
  cRLDistPointsSyntax : {
    def : 1,
    min : 1,
    max : 10,
    visible : false,
    editable : false,
    type : 'mandatory',
    elements : [
      {
        editable : false,
        visible : false,
        type : 'mandatory',
        distributionPoint : {
          def : 'fullName',
          editable : false,
          visible : false,
          type : 'mandatory',
          value : {
            min : 1,
            max : 10,
            def : 1,
            editable : false,
            visible : false,
            elements : [
              {
                def : 'uRI',
                editable : false,
                visible : false,
                type : 'mandatory',
                value : {
                  def : 'http://kca.acme.com:80/CRL/CA.crl',
                  editable : false,
                  visible : false,
                  type : 'mandatory',
                  validator : 'extCheckGenName(this)'
                }
              }
            ]
          }
        }
      }
    ]
  }
}
CauseProblem found in the template distributionPointName.xuda. Basically, the problem in the template is the use of a hard-coded 'SELECT' HTML FORM input element instead of calling the JavaScript function 'extSelection' which properly handles the visible and editable attributes of the extension script.
ResolutionThe extension script has been redesigned, and allows for the correct handling of the visible and editable attributes of the extension script. Contact RSA Security Customer Support and ask for KCA 6.5.1 build 223 hot fix.
Legacy Article IDa20712

Attachments

    Outcomes