000021802 - Problems with RSA Keon Certificate Authority service startup

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021802
Applies ToKeon Certificate Authority 6.0.2
Sun Solaris 2.8
IssueProblems with RSA Keon Certificate Authority service startup
Certificate Management Protocol (CMP) server does not start up
KCA Service startup appears to proceed normally, until the final part -- CMP startup -- dies with the following in syslog:

Feb 1 15:19:14 kcahost CMPServer : [22769]: [ID 760941 user.error] Either the Xuda-Daemon/Process is not running or internal Xudad error

There also messages in the WebServer/error_log as:
(ERROR) !LDAP Search(): [XrcLDAPUNABLE] unspecified failure in LDAP operation.
(ERROR) !LDAP Search(): [XrcLDAPUNABLE] unspecified failure in LDAP operation.
(ERROR) !LDAP Search(): [XrcLDAPUNABLE] unspecified failure in LDAP operation.
(ERROR) !LDAP Search(): [XrcLDAPUNABLE] unspecified failure in LDAP operation.
(ERROR) !LDAP Search(): [XrcLDAPUNABLE] unspecified failure in LDAP operation.
(ERROR) !LDAP Search(): [XrcLDAPUNABLE] unspecified failure in LDAP operation.
(ERROR) !LDAP Search(): [XrcLDAPUNABLE] unspecified failure in LDAP operation.
(ERROR) !LDAP Search(): [XrcLDAPUNABLE] unspecified failure in LDAP operation.
[Tue Feb 1 15:05:22 2005] [info] removed PID file /opt/rsa/RSA_KeonCA/WebServer/logs/httpd.pid (pid=28805)
[Tue Feb 1 15:05:22 2005] [notice] caught SIGTERM, shutting down kcahost.acme.com

After the startup stops, the xudad process still appears to be running as does the xslogsrv process, but httpsd and cmpserver are no longer there.
KCA System CA recently re-signed
CauseKCA CMP SSL certificate expired
ResolutionTo correct this issue, re-sign the KCA CMP SSL certificate with the System CA  per instructions in the KCA Administration Guide.
Legacy Article IDa25045

Attachments

    Outcomes