|Applies To||Keon Registration Authority 6.5|
Keon Certificate Authority 6.5
nCipher Hardware Security Module
|Issue||Unable to complete KRA installation against KCA with nCipher|
Unable to proceed past KRA installation after selecting target CA from drop-down menu. Page indicates "PIN for Signer's Key".
You are about to perform an operation that requires a signature from the KCA "Your CA" using its hardware based key. Please provide the PIN of cardset "Your Cardset", through which the hardware token containing the key can be addressed.
You cannot install a KRA instance against a hardware-based CA where with a cardset M of N where M is greater than one and the CA is configured to prompt for operator cards
To correct this issue, either configure the KCA so the cardset is loaded at startup, or use a cardset M of N where M is one.
NOTE: This is a logical constraint. It is not practical to use the Keon Registration Authority to remotely administer a CA where an operator is required to be at the CA site to manipulate the cardset.
|Workaround||Protecting a CA with an nCipher M of N cardset|
|Legacy Article ID||a20701|