|Applies To||RSA Registration Manager 6.6|
Sun Solaris 2.8
Keon Certificate Authority OneStep
|Issue||How to give Keon Certificate Authority OneStep access to more than one jurisdiction|
How to add two Keon Certificate Authority OneStep installations to two jurisdictions used by a custom plugin
|Resolution||It is possible to configure one Keon Certificate Authority OneStep installation to point to different jurisdictions. To do so, modify the LDAP ACL rules.|
First, install the first instance of OneStep as you normally would. When approving the OneStep installation certificate, you must apply new ACL rules. This will create a new block like the following in the ACL rules (System Configuration Workbench > LDAP Rules):
# RM admin and scep server access to Target CA operations
# (signing) backend.
access to dn="id=<Jurisdiction ID for the OneStep installation>,md5=<MD5 of your CA>,o=ca,o=services"
by dn="md5=<MD5 of your OneStep certificate>" write
... block of <dn="md5..." write> ...
by dn=".*" none
To give OneStep access to your second jurisdiction, copy and paste the whole block you created (as shown above), then in the copy change the jurisdiction ID and the CA's MD5 to those of the second jurisdiction and its CA.
NOTE: By default, OneStep does not support two jurisdictions, so it is up to your custom plugin to manage which jurisdiction OneStep requests its certificates from.
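After pasting the second block, it is worth confirming which jurisdictions the OneStep certificate can now write to and that each copy kept the closing `by dn=".*" none` line. The following check is an added example, not RSA code; it assumes the rules have been copied out of the System Configuration Workbench as plain text in the layout shown above, and all IDs and MD5 values in it are constructed placeholders.

```python
import re

# Constructed placeholders, not real jurisdiction IDs or certificate digests.
ONESTEP, ADMIN, CA1, CA2 = "a" * 32, "b" * 32, "c" * 32, "d" * 32
SAMPLE_ACL = f'''\
# RM admin and scep server access to Target CA operations
# (signing) backend.
access to dn="id=jur-one,md5={CA1},o=ca,o=services"
by dn="md5={ONESTEP}" write
by dn="md5={ADMIN}" write
by dn=".*" none
access to dn="id=jur-two,md5={CA2},o=ca,o=services"
by dn="md5={ONESTEP}" write
by dn="md5={ADMIN}" write
'''  # the second block is deliberately missing its closing line

TARGET = re.compile(r'^access to dn="id=([^,"]+),md5=([^,"]+),o=ca,o=services"$')
BY = re.compile(r'^by dn="(.*)" (\w+)$')

def parse_blocks(text):
    """Return one dict per 'access to' block: jurisdiction, CA MD5, by-clauses."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = TARGET.match(line)
        if m:
            blocks.append({"jurisdiction": m.group(1), "ca_md5": m.group(2), "by": []})
            continue
        m = BY.match(line)
        if m and blocks:
            blocks[-1]["by"].append((m.group(1), m.group(2)))
    return blocks

def audit(text, onestep_md5):
    """Return (jurisdictions the cert can write to, blocks lacking the final 'none')."""
    writable, missing_deny = [], []
    for b in parse_blocks(text):
        if ("md5=" + onestep_md5, "write") in b["by"]:
            writable.append(b["jurisdiction"])
        if not b["by"] or b["by"][-1] != (".*", "none"):
            missing_deny.append(b["jurisdiction"])
    return writable, missing_deny

if __name__ == "__main__":
    print(audit(SAMPLE_ACL, ONESTEP))
```
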
|Legacy Article ID||a31056|