000019751 - SCEP requests do not generate emails to vettors

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000019751
Applies ToKeon Certificate Authority 6.0.x
Sun Solaris
Microsoft Windows 2000
IssueSCEP requests do not generate emails to vettors
CauseThe KCA requires a user with vetting privileges to access the KCA and approve outstanding requests. A default KCA Installation will not report that there are SCEP requests awaiting approval.
ResolutionThe SCEP server section of KCA is not designed to send emails to Administrators/Vettors like the rest of KCA, since much of SCEP is normally an automatic process (hence the option for autovetting).

If you wish to customize the system, you could alter the ./RSA_KeonCA/webserver/scep-server/cgi-bin/pkiclient.exe program. This is not binary executable - it is just a script file (it is called pkiclient.exe to fall in line with de-facto SCEP systems).

The following shows one single (simple) example of what you could do:

<!-- XUDA BEGIN -->

!if productTag="RSAKeonRA"

!if operation!""
   !AllTrim( operation )

!if id!""
   !AllTrim( id)

!if operation!""
  !if message!""
     !AllTrim( message )
  !if message!""
      !SCEPProcessRequest(operation, message, isRA, id )
        [@emailmsg=[DATE||MM/DD/CCYY],[TIME||TIMEFMT] SCEP request for Jurisdiction [id] received [operation]\n[message]\n]
        !EMail("vettor@acme.com","SCEP request",emailmsg)
<!-- XUDA END -->
WorkaroundAuto-vetting has been disabled
Legacy Article IDa11894