000020699 - Key Server no longer has the capability to validate incoming key list requests against the DNS name created for the Key Client

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000020699
Applies To: RSA ClearTrust 5.0.1, RSA ClearTrust Dispatcher/Key Server
Issue: Key Server no longer has the capability to validate incoming key list requests against the DNS name created for the Key Client
Resolution: To correct this issue, contact RSA Security Customer Support and reference hot fix 00036951. This hot fix adds a parameter "cleartrust.keyserver.session_key_dns_check=true" that forces the Key Server to validate incoming key requests against the DNS name created originally for this client.

If the request comes from a secret which does not match the DNS name, the client will be denied access to the current key list.
Legacy Article ID: a18260
