000025929 - Unable to complete KRA installation against KCA with nCipher

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025929
Applies ToKeon Registration Authority 6.5
Keon Certificate Authority 6.5
nCipher Hardware Security Module
IssueUnable to complete KRA installation against KCA with nCipher
Unable to proceed past KRA installation after selecting target CA from drop-down menu. Page indicates "PIN for Signer's Key".

You are about to perform an operation that requires a signature from the KCA "Your CA" using its hardware based key. Please provide the PIN of cardset "Your Cardset", through which the hardware token containing the key can be addressed.
Cause
You cannot install a KRA instance against a hardware-based CA where with a cardset M of N where M is greater than one and the CA is configured to prompt for operator cards
Resolution
To correct this issue, either configure the KCA so the cardset is loaded at startup, or use a cardset M of N where M is one.

NOTE: This is a logical constraint. It is not practical to use the Keon Registration Authority to remotely administer a CA where an operator is required to be at the CA site to manipulate the cardset.
WorkaroundProtecting a CA with an nCipher M of N cardset
Legacy Article IDa20701

Attachments

    Outcomes