|Applies To||RSA ClearTrust 5.5.x|
Microsoft Windows 2000
Microsoft Internet Information Server (IIS)
|Issue||How to enable RSA ClearTrust to normalize user certificate DN strings before they are stored within the datastore|
Insignificant spaces around DN delimiters are not being ignored in RSA ClearTrust
Certificate authentication fails when spaces are present between the DN components of the distinguished name string. Some LDAP attribute types used to store the certificate's distinguished name string do not properly ignore insignificant spaces.
|Resolution||This issue has been resolved in a hot fix for RSA ClearTrust 5.5.3. Contact RSA Security Customer Support to obtain hot fix 126.96.36.199, or request the latest fix level (which is cumulative, and contains fixes from previous fix levels).|
This fix includes a configuration parameter, cleartrust.data.ldap.user.normalize_certdn, that enables ClearTrust to normalize user certificate DN strings before they are stored within the datastore. Normalization is generally not necessary if the syntax of the attribute type used to store the string has the proper equality matching rules for ignoring insignificant spaces around the DN delimiters. If normalization is required then this parameter should be set to true.
|Legacy Article ID||a28986|