000022464 - How to publish CA certificate and user certificate under the same OU ?

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022464
Applies ToMicrosoft Active Directory
RSA Certificate Manager
Keon Certificate Authority
IssueHow to publish CA certificate and user certificate under the same OU ?
CA certificate and user certificate must be published to Active Directory under the same base DN. All the users are under an OU that was created.

By default, RSA Certificate Manager will not be able to publish CA certificate to a created OU.
Error from the Event viewer when trying to publish CA certificate :

CA certificate publication: md5=5a3b78eb4d82c9a99d0ab5abbff271a6 failed [XrcNOTFOUND:unable to locate requested member or object]
confirmEntry: unable to locate or add entry [CN=VCS CA, OU=Users and Groups,DC=vcs,DC=na,DC=rsa,DC=net]
CauseRSA Certificate Manager tries to publish the CA certificate to an LDAP object that does not exists.
ResolutionIn the following example, here is my setup:
  - The base DN where the users are located is 'OU=Users and Groups,DC=vcs,DC=na,DC=rsa,DC=net'
  - The CA Common Name is 'VCS CA'
  - I need to publish user certificates AND the CA certificate

Legacy Article IDa30402