000025962 - Issue with Certificate Management Protocol (CMP) when upgrading from KCA 5.7 to 6.0

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025962
Applies ToKeon Certificate Authority 5.7
Keon Certificate Authority 6.0
Certificate Management Protocol (CMP)
IssueIssue with Certificate Management Protocol (CMP) when upgrading from KCA 5.7 to 6.0
Created a CA, added Certificate Management Protocol (CMP) information and then did some requests to the CMP server and it then answered with "CMP Could not verify protection".
ResolutionAn automated solution will be made available in an future Hot Fix. In the meantime, here is a manual workaround to this problem. After performing the upgrade:

1.  In the Administration Console, select the "System Configuration" workbench from the toolbar

2.  Select 'LDAP rules' link.

3.  Find LDAP ACL entry 'access to filter="objectclass=xuda_cmp_keyid"'.

4.  Copy the 2nd access rule from this LDAP ACL entry.   The access rule looks like this
      'by dn="md5=<cmpserver's ssl cert md5>" read'.
   There should be only one.

5.  Find LDAP ACL entry 'access to filter="objectclass=xuda_domain_config"'.

6.  Paste the rule copied in step 4 to this entry before the following rule

       by dn="rsakeon_products" read
   NOTE it is important to keep same formatting and spacing as the rest of the rules.

7.  Select the 'Save ACL rules to database' button.
Legacy Article IDa7824

Attachments

    Outcomes