000021202 - How to update Root CA certificate in KRA after it has been re-signed on the KCA

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021202
Applies ToKeon Registration Authority 6.5.1
RSA Public Root Signing
IssueHow to update Root CA certificate in KRA after it has been re-signed on the KCA
Keon RA database not updated if target CA re-signed
If installing Root Chain in browser for updated root certificate and then logging into RA Admin, RA Admin does not display. But if you delete the certificate immediately above RA Admin, the problem is resolved.
Web server does not trust new root chain
CauseThe Root CA that has been re-signed is not updated in the KRA database. It contains the old Root certificate received during installation.
ResolutionThis issue has been resolved in a hot fix to RSA Keon Registration Authority 6.5.1. Contact RSA Security Customer Support to request KRA 6.5.1 build 228 hot fix. In Keon RA 6.5.1 build228, the re-signed CA certificate is copied to the Keon RA database when the "Synchronize Target Jurisdiction" button on the Synchronize Jurisdiction page is clicked.
Legacy Article IDa21600

Attachments

    Outcomes