000020952 - Program Error: 'req-authorize.xuda: Line 518: [XrcNOTFOUND] unable to locate requested member or object. Unable to sign certificate [unable to locate requested member or object]' while issuing VPN Server Certificate with KCA

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000020952
Applies ToKeon Certificate Authority 6.5.1
Microsoft Windows 2000 SP3
Cisco VPN 3000 Concentrator
IssueProgram Error: "req-authorize.xuda: Line 518: [XrcNOTFOUND] unable to locate requested member or object. Unable to sign certificate [unable to locate requested member or object]" while issuing VPN Server Certificate with KCA
Cause
The CA Jurisdiction is configured for CRL publishing, and will automatically include a CRLdp (CRL Distribution Point extension). The PKCS#10 certificate request also contains a request for a CRLdp. There is a conflict with the automatic CRLdp and the one in the certificate request.
Resolution
To correct this issue, temporarily disable local CRL Publishing for the target jurisdiction. Then, issue the VPN server certificate. Next, re-enable CRL publishing for the jurisdiction. The VPN certificate will be issued with a CRLdp, and future client certificates will also include this extension. This issue will be resolved in a future KCA version.
Workaround
A PKCS#10 certificate request object is being used to request a certificate

CRL publishing has been enabled for a jurisdiction
Legacy Article IDa19652

Attachments

    Outcomes