000019635 - Keon Web PassPort doesn't upload new credentials to Active Directory

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000019635

Applies To:
Keon Web PassPort 1.1.1
Microsoft Windows 2000 Advanced Server
Microsoft Active Directory
Keon Certificate Authority OneStep 6.0

Issue:
Keon Web PassPort doesn't upload new credentials to Active Directory.
The end user's browser keeps getting sent to the KCA for a signing certificate when using Keon Web PassPort with Keon OneStep.
The user logs out of the virtual card and logs back in; the user is then sent for another signing certificate.
Applying for a standard manual signing certificate works correctly.
The signing certificate never gets written to AD/LDAP, but the encryption certificate does.

Cause:
Ran a custom OneStep.exe that puts digitalSignature and keyEncipherment into the keyUsage extension, and the certificate didn't load. Then modified the custom OneStep.exe so that only digitalSignature is in the keyUsage extension, and the certificate loads into the virtual card and AD/LDAP gets updated.

Resolution:
When using single-purpose certificates, the signing certificate must not contain keyEncipherment in the keyUsage extension; it may contain only digitalSignature.

Legacy Article ID: a10921
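
One way to check a signing certificate against the rule in the Resolution is to decode the DER-encoded keyUsage BIT STRING and list the bits it asserts. The Python below is an added example, not RSA's code or part of the original article; the function names and sample byte strings are constructed, and flagging every bit other than digitalSignature is an assumed strict reading of "only digitalSignature".

```python
# Named bits of KeyUsage in RFC 5280 order; bit 0 is the most significant
# bit of the first content byte.
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
)


def decode_key_usage(der: bytes) -> set:
    """Return the usage names asserted in a DER-encoded KeyUsage value."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("keyUsage value must be a DER BIT STRING (tag 0x03)")
    length = der[1]
    # Short-form length only; RFC 5280 requires at least one bit to be set.
    if length & 0x80 or length < 2 or length != len(der) - 2:
        raise ValueError("unexpected BIT STRING length")
    unused, content = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    total_bits = len(content) * 8 - unused
    names = set()
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        if content[i // 8] & (0x80 >> (i % 8)):
            names.add(KEY_USAGE_BITS[i])
    return names


def signing_cert_problems(der: bytes) -> list:
    """List reasons a keyUsage value breaks the single-purpose signing rule."""
    usage = decode_key_usage(der)
    problems = []
    if "digitalSignature" not in usage:
        problems.append("digitalSignature is missing")
    # Assumption: strict reading, so any additional bit is reported.
    for extra in sorted(usage - {"digitalSignature"}):
        problems.append(f"{extra} must not be set")
    return problems


# Constructed sample keyUsage values (not taken from real certificates).
SAMPLES = {
    "digitalSignature + keyEncipherment": bytes.fromhex("030205a0"),
    "digitalSignature only": bytes.fromhex("03020780"),
}

if __name__ == "__main__":
    for label, der in SAMPLES.items():
        print(label, sorted(decode_key_usage(der)), signing_cert_problems(der))
```

The first sample corresponds to the keyUsage described under Cause, the second to the corrected certificate.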
