000022523 - How to enable RSA ClearTrust to normalize user certificate DN strings before they are stored within the datastore

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000022523

Applies To:
RSA ClearTrust 5.5.x
Microsoft Windows 2000
Microsoft Internet Information Server (IIS)

Issue:
How to enable RSA ClearTrust to normalize user certificate DN strings before they are stored within the datastore
Insignificant spaces around DN delimiters are not being ignored in RSA ClearTrust
Certificate authentication fails when spaces are present between the DN components of the distinguished name string. Some LDAP attribute types used to store the certificate's distinguished name string do not properly ignore insignificant spaces.

Resolution:
This issue has been resolved in a hot fix for RSA ClearTrust 5.5.3. Contact RSA Security Customer Support to obtain hot fix 5.5.3.57, or request the latest fix level (which is cumulative, and contains fixes from previous fix levels).

This fix includes a configuration parameter, cleartrust.data.ldap.user.normalize_certdn, that enables ClearTrust to normalize user certificate DN strings before they are stored within the datastore. Normalization is generally not necessary if the syntax of the attribute type used to store the string has the proper equality matching rules for ignoring insignificant spaces around the DN delimiters. If normalization is required then this parameter should be set to true.
Legacy Article ID: a28986
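
The following sketch is an added example, not RSA ClearTrust code and not taken from the hot fix. It shows what removing insignificant spaces around DN delimiters involves, and why an exact string match fails without it. The function names and sample DNs are constructed for illustration, and the delimiter handling follows the common LDAP DN string conventions (backslash escapes, quoted values), which is an assumption about the input format.

```python
"""DN whitespace normalization sketch (added example, not RSA ClearTrust code)."""

def split_unescaped(s, delims):
    """Split s on delimiter chars that are neither backslash-escaped nor quoted."""
    parts, buf, in_quotes, i = [], [], False, 0
    while i < len(s):
        c = s[i]
        if c == "\\" and i + 1 < len(s):   # keep an escape pair intact
            buf.append(s[i:i + 2])
            i += 2
            continue
        if c == '"':
            in_quotes = not in_quotes
        if c in delims and not in_quotes:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(c)
        i += 1
    parts.append("".join(buf))
    return parts

def strip_insignificant(tok):
    """Drop leading/trailing spaces, but keep a trailing escaped space ('\\ ')."""
    tok = tok.lstrip(" ")
    while tok.endswith(" "):
        body = tok[:-1]
        if (len(body) - len(body.rstrip("\\"))) % 2 == 1:
            break                          # escaped space is part of the value
        tok = body
    return tok

def normalize_dn(dn):
    """Remove spaces around ',', ';', '+' and '='; ';' is rewritten as ','."""
    rdns = []
    for rdn in split_unescaped(dn, ",;"):
        avas = []
        for ava in split_unescaped(rdn, "+"):
            parts = split_unescaped(ava, "=")
            if len(parts) < 2:
                raise ValueError("missing '=' in DN component: %r" % ava)
            attr = strip_insignificant(parts[0])
            value = strip_insignificant("=".join(parts[1:]))
            avas.append(attr + "=" + value)
        rdns.append("+".join(avas))
    return ",".join(rdns)

# Constructed sample: one subject, as presented by a certificate and as stored.
PRESENTED = "CN=Jane Doe, OU=Engineering , O=Example Corp, C=US"
STORED = "CN=Jane Doe,OU=Engineering,O=Example Corp,C=US"

if __name__ == "__main__":
    print(PRESENTED == STORED, normalize_dn(PRESENTED) == normalize_dn(STORED))
```

Spaces inside a value (such as "Jane Doe") and escaped or quoted delimiters are left untouched; only the padding around delimiters is removed.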
