000025717 - Publishing certificates with multiple OU values

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000025717
Applies To: Keon Certificate Authority 6.5
Sun Solaris 2.8
Microsoft Windows 2000
Issue: Publishing certificates with multiple OU values
confirmEntry: unable to locate or add entry [CN=John Doe, OU=IT Dept, OU=Security, OU=Acme Class3 CA, O=Acme Inc., dc=cert,dc=acme, dc=com]
Cause: The Directory Server has the following structure:

dc=cert,dc=acme, dc=com
        O=Acme Inc.
                OU=Acme Class3 CA

The external publishing of Keon Certificate Authority has been configured as follows:

        Base DN:        dc=cert,dc=acme, dc=com
        Certificate DN:        CN,OU,O

A bug in version 6.0.2 allowed certificates with multiple OU values to be published to this point; the bug has been corrected in KCA 6.5, and the same publishing scheme now gives the error shown above.
Resolution: Including OU in the Certificate DN setting tells the system to take account of ALL OU values in the certificate, not just one. The same results may be achieved with some changes to the external publishing values:

        Base DN:                OU=Acme Class3 CA,O=Acme Inc.,dc=cert,dc=acme, dc=com
        Certificate DN:                CN

This will now mean that only the CN value is used from the certificate and will publish to the OU=Acme Class3 CA part of your tree.
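The following added example (not RSA code, and not part of the original article) models the DN construction described above so a publishing configuration can be checked against the directory tree before certificates are issued. The function names are hypothetical, the subject DN is assumed from the error message, and the parser assumes DNs without escaped commas.

```python
# Added illustration: a simplified model of the DN construction this article
# describes, not RSA Keon CA code. Function names are hypothetical.

def parse_dn(dn):
    """Split a DN into (TYPE, value) pairs. Assumes no escaped commas."""
    pairs = []
    for part in dn.split(","):
        attr, _, value = part.strip().partition("=")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def format_dn(rdns):
    return ",".join(f"{attr}={value}" for attr, value in rdns)

def publish_dn(subject, certificate_dn, base_dn):
    """Keep every subject RDN whose type is listed in the Certificate DN
    setting (all values of that type), then append the Base DN."""
    wanted = {a.strip().upper() for a in certificate_dn.split(",")}
    kept = [rdn for rdn in parse_dn(subject) if rdn[0] in wanted]
    return kept + parse_dn(base_dn)

def parent_exists(entry, containers):
    """True if the entry's immediate parent is an existing container."""
    known = {format_dn(parse_dn(c)).casefold() for c in containers}
    return format_dn(entry[1:]).casefold() in known

# Directory structure from the Cause section.
CONTAINERS = [
    "dc=cert,dc=acme, dc=com",
    "O=Acme Inc.,dc=cert,dc=acme, dc=com",
    "OU=Acme Class3 CA,O=Acme Inc.,dc=cert,dc=acme, dc=com",
]
# Subject DN assumed from the error message (certificate RDNs only).
SUBJECT = "CN=John Doe, OU=IT Dept, OU=Security, OU=Acme Class3 CA, O=Acme Inc."

def check(subject, certificate_dn, base_dn):
    entry = publish_dn(subject, certificate_dn, base_dn)
    return format_dn(entry), parent_exists(entry, CONTAINERS)

if __name__ == "__main__":
    for cert_dn, base in [
        ("CN,OU,O", "dc=cert,dc=acme, dc=com"),
        ("CN", "OU=Acme Class3 CA,O=Acme Inc.,dc=cert,dc=acme, dc=com"),
    ]:
        dn, ok = check(SUBJECT, cert_dn, base)
        print(f"{cert_dn:8} -> {dn}  parent exists: {ok}")
```

With the original settings the computed parent is OU=IT Dept,OU=Security,..., which is not a container in the tree; with the revised settings the entry lands directly under OU=Acme Class3 CA.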
Workaround: System was upgraded from Keon Certificate Authority 6.0.2
Legacy Article ID: a14676