|Applies To||Keon Certificate Authority 5.7|
Keon Certificate Authority 6.0
Certificate Management Protocol (CMP)
|Issue||Issue with Certificate Management Protocol (CMP) when upgrading from KCA 5.7 to 6.0|
Created a CA, added Certificate Management Protocol (CMP) information and then did some requests to the CMP server and it then answered with "CMP Could not verify protection".
|Resolution||An automated solution will be made available in an future Hot Fix. In the meantime, here is a manual workaround to this problem. After performing the upgrade:|
1. In the Administration Console, select the "System Configuration" workbench from the toolbar
2. Select 'LDAP rules' link.
3. Find LDAP ACL entry 'access to filter="objectclass=xuda_cmp_keyid"'.
4. Copy the 2nd access rule from this LDAP ACL entry. The access rule looks like this
'by dn="md5=<cmpserver's ssl cert md5>" read'.
There should be only one.
5. Find LDAP ACL entry 'access to filter="objectclass=xuda_domain_config"'.
6. Paste the rule copied in step 4 to this entry before the following rule
by dn="rsakeon_products" read
NOTE it is important to keep same formatting and spacing as the rest of the rules.
7. Select the 'Save ACL rules to database' button.
|Legacy Article ID||a7824|