000020212 - How to republish CRL Signer certificate when CRL Signer certificate cannot be found in the external Directory Server

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000020212
Applies ToKeon Certificate Authority
Keon Certificate Authority 6.5
UNIX (AIX, HP-UX, Solaris)
Sun Solaris
IssueHow to republish CRL Signer certificate when CRL Signer certificate cannot be found in the external Directory Server
CRL Signer certificate cannot be found in the external Directory Server
Network problems between KCA and external Directory Server
xudad[13493]: [ID 373491 local0.info] (AUDIT FAILURE) Signer certificate publication: md5=898cd449c2bd2b2e7b6be613ee47af94 failed [XrcNOTFOUND:unable to locate requested member or object]
buildAttrTable: unable to locate requested member or object: EMAIL
ResolutionThere is no functionality that can republish the CRL Signer certificate if the publishing fails when CRL Signer certificate is created.

A workaround for this is to "Download" the CRL Signer certificate and manually store the certificate in the external Directory server. Alternatively, after external publishing has been fixed, create a new CRL Signer certificate either manually or with CRL timer.
Legacy Article IDa15246

Attachments

    Outcomes