|Applies To||RSA Registration Manager 6.6|
Keon Registration Authority 6.5.1
|Issue||RSA Registration Manager installation fails at the last step with no option to apply LDAP ACL rule changes|
RSA Registration Manager Administration Server cannot be accessed if target CA is subordinate CA when Microsoft Windows 2000 hotfix Q329115 applied
RSA Registration Manager Enrollment Server cannot be accessed if target CA is subordinate CA when Microsoft Windows 2000 hotfix Q329115 applied
|Cause||If the Microsoft Windows 2000 hotfix Q329115 was applied to the machines where RSA Certificate Manager and RSA Registration Manager are installed, and you use Microsoft Internet Explorer 5.5 or 6.0 to administrate RSA Registration Manager, you will be unable to access the RSA Registration Manager Administration Server if its target CA is a subordinate CA.|
The Microsoft hotfix deals with identity spoofing in that someone with an end-entity certificate could then issue a certificate even though they are not really a CA. If the subordinate CA certificate includes the Basic Constraints and Key Usage extensions, then access is restored.
To correct this issue, either create the subordinate CA certificate with the Basic Constraints and Key Usage extensions, or re-sign the subordinate CA, adding the two extensions at that time.
|Legacy Article ID||a30126|