000021766 - Error: 'Error code 68 (XrcCONVERSIONFAILURE)' when signing an enforced CDP profile through RSA Keon API

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021766
Applies ToKeon Certificate Authority 6.5.1
Keon Certificate Authority 6.5.1 API
Microsoft Windows 2000
Sun Solaris 2.8
CRL Distribution Point (CRLdp) certificate extension
IssueError: "Error code 68 (XrcCONVERSIONFAILURE)" when signing an enforced CDP profile through RSA Keon API
A Jurisdiction has been set up to use a mandatory CRL Distribution Point profile definition in the Certificate Extension Profiles, and enforces this with the "Enforce Profile Definition" tickbox. This is done to ensure that requests made through the API are correct. The XudaEnforceProfile() function call is used in the API and returns XrcOK to confirm the request conforms with the enforced profile. However, signing the request object through with XudaCASignCertifiate() fails with error 68 (XrcCONVERSIONFAILURE).
Resolution
The following is an example of a CDP extension profile that can be enforced through the API, where the nameRelativetoCRLissuer value is not required as part of the CDP extension:

{
  name : 'CRL Distribution Points',
  type : 'mandatory',
  autogenerate : false,
  critical : {
    def : false,
    editable : false,
    visible : true,
    type : 'mandatory'
  },
  cRLDistPointsSyntax : {
    def : 1,
    min : 1,
    max : 10,
    visible : true,
    editable : true,
    type : 'mandatory',
    elements : [
      {
        editable : true,
        visible : true,
        type : 'optional',
        distributionPoint : {
          def : 'fullName',
          editable : true,
          visible : true,
          type : 'mandatory',
          value : {
            min : 1,
            max : 10,
            def : 1,
            editable : true,
            visible : true,
            elements : [
              {
                def : 'uRI',
                editable : true,
                visible : true,
                type : 'mandatory',
                value : {
                  def : 'ldap://localhost:389/cn=Sonera',
                  editable : true,
                  visible : true,
                  type : 'mandatory'
                }
              }
            ]
          }
        }
      },
      {
        editable : true,
        visible : true,
        type : 'optional',
        distributionPoint : {
          def : 'nameRelativeToCRLIssuer',
          editable : true,
          visible : true,
          type : 'optional',
          value : {
            min : 1,
            max : 10,
            def : 1,
            editable : true,
            visible : true,
            elements : [
              {
                oid : {
                  def : 'myOID',
                  editable : true,
                  visible : true,
                  type : 'mandatory'
                },
                type : {
                  def : 'myType',
                  editable : true,
                  visible : true,
                  type : 'mandatory'
                },
                value : {
                  def : 'MyValue',
                  editable : true,
                  visible : true,
                  type : 'mandatory'
                }
              }
            ]
          }
        }
      }
    ]
  }
}


The following is an example of a CDP extension profile that can be enforced through the API where the nameRelativetoCRLissuer value is required as part of the CDP extension:

{
  name : 'CRL Distribution Points',
  type : 'mandatory',
  autogenerate : false,
  critical : {
    def : false,
    editable : false,
    visible : true,
    type : 'mandatory'
  },
  cRLDistPointsSyntax : {
    def : 1,
    min : 1,
    max : 10,
    visible : true,
    editable : true,
    type : 'mandatory',
    elements : [
      {
        editable : true,
        visible : true,
        type : 'optional',
        distributionPoint : {
          def : 'fullName',
          editable : true,
          visible : true,
          type : 'mandatory',
          value : {
            min : 1,
            max : 10,
            def : 1,
            editable : true,
            visible : true,
            elements : [
              {
                def : 'uRI',
                editable : true,
                visible : true,
                type : 'mandatory',
                value : {
                  def : 'ldap://localhost:389/cn=Sonera',
                  editable : true,
                  visible : true,
                  type : 'mandatory'
                }
              }
            ]
          }
        }
      },
      {
        editable : true,
        visible : true,
        type : 'optional',
        distributionPoint : {
          def : 'fullName',
          editable : true,
          visible : true,
          type : 'mandatory',
          value : {
            min : 1,
            max : 10,
            def : 1,
            editable : true,
            visible : true,
            elements : [
              {
                def : 'rfc822Name',
                editable : true,
                visible : true,
                type : 'mandatory',
                value : {
                  def : 'Administrator@your-domain.com',
                  editable : true,
                  visible : true,
                  type : 'mandatory',
                  validator : 'extCheckGenName(this)'
                }
              }
            ]
          }
        }
      },
      {
        editable : true,
        visible : true,
        type : 'optional',
        distributionPoint : {
          def : 'nameRelativeToCRLIssuer',
          editable : true,
          visible : true,
          type : 'mandatory',
          value : {
            min : 1,
            max : 10,
            def : 1,
            editable : true,
            visible : true,
            elements : [
              {
                oid : {
                  def : '1.2.840.113549.1.9.1',
                  editable : true,
                  visible : true,
                  type : 'mandatory'
                },
                type : {
                  def : 'IA5String',
                  editable : true,
                  visible : true,
                  type : 'mandatory'
                },
                value : {
                  def : 'a@b.com',
                  editable : true,
                  visible : true,
                  type : 'mandatory'
                }
              }
            ]
          }
        }
      }
    ]
  }
}
Legacy Article IDa24924

Attachments

    Outcomes