000022751 - RSA Registration Manager installation fails at the last step with no option to apply LDAP ACL rule changes

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000022751
Applies To: RSA Registration Manager 6.6
Keon Registration Authority 6.5.1
Issue: RSA Registration Manager installation fails at the last step with no option to apply LDAP ACL rule changes
RSA Registration Manager Administration Server cannot be accessed if the target CA is a subordinate CA when Microsoft Windows 2000 hotfix Q329115 is applied
RSA Registration Manager Enrollment Server cannot be accessed if the target CA is a subordinate CA when Microsoft Windows 2000 hotfix Q329115 is applied
Cause: If the Microsoft Windows 2000 hotfix Q329115 was applied to the machines where RSA Certificate Manager and RSA Registration Manager are installed, and you use Microsoft Internet Explorer 5.5 or 6.0 to administer RSA Registration Manager, you will be unable to access the RSA Registration Manager Administration Server if its target CA is a subordinate CA.

The Microsoft hotfix addresses an identity-spoofing issue in which someone holding an end-entity certificate could issue a certificate even though they are not really a CA. Access is restored if the subordinate CA certificate includes the Basic Constraints and Key Usage extensions.
Resolution

To correct this issue, either create the subordinate CA certificate with the Basic Constraints and Key Usage extensions, or re-sign the subordinate CA, adding the two extensions at that time.
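
One way to check whether a subordinate CA certificate carries the two extensions, as an added example that is not part of the original article or of RSA's tooling. It assumes the OpenSSL command-line tool; the function names, file names, subject names and the specific values checked (CA:TRUE, Certificate Sign) are assumptions of this example, and make_samples only builds constructed test certificates.

```shell
# check_subca_ext CERT.pem
# Returns 0 if the certificate carries Basic Constraints with CA:TRUE and
# Key Usage with Certificate Sign, 1 if either is missing, 2 if unreadable.
check_subca_ext() {
    _txt=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
    _rc=0
    if ! printf '%s\n' "$_txt" | grep -A1 'X509v3 Basic Constraints' \
            | grep -q 'CA:TRUE'; then
        echo "$1: no Basic Constraints extension with CA:TRUE" >&2
        _rc=1
    fi
    if ! printf '%s\n' "$_txt" | grep -A1 'X509v3 Key Usage' \
            | grep -q 'Certificate Sign'; then
        echo "$1: no Key Usage extension with Certificate Sign" >&2
        _rc=1
    fi
    return "$_rc"
}

# make_samples DIR
# Writes constructed test data into DIR: a throwaway root CA and two
# subordinate CA certificates signed from the same request, one without
# extensions (sub_noext.pem) and one re-signed with both (sub_ext.pem).
make_samples() {
    _d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Root CA" \
        -keyout "$_d/root.key" -out "$_d/root.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=Example Sub CA" \
        -keyout "$_d/sub.key" -out "$_d/sub.csr" 2>/dev/null
    # Signed with no extension file: the result lacks both extensions.
    openssl x509 -req -in "$_d/sub.csr" -days 1 \
        -CA "$_d/root.pem" -CAkey "$_d/root.key" -CAcreateserial \
        -out "$_d/sub_noext.pem" 2>/dev/null
    # Re-signed with the two extensions added at signing time.
    printf '%s\n' 'basicConstraints=critical,CA:TRUE' \
        'keyUsage=critical,keyCertSign,cRLSign' > "$_d/ext.cnf"
    openssl x509 -req -in "$_d/sub.csr" -days 1 \
        -CA "$_d/root.pem" -CAkey "$_d/root.key" -CAcreateserial \
        -extfile "$_d/ext.cnf" -out "$_d/sub_ext.pem" 2>/dev/null
}
```

Run check_subca_ext against the subordinate CA certificate exported from the CA; a non-zero return identifies which of the two extensions is absent.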

Legacy Article ID: a30126
