000021505 - Keon Certificate Authority requires attributes not in Certificate Management Protocol (CMP) packets

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021505
Applies ToKeon Registration Authority 6.5.1
Certificate Management Protocol (CMP)
IssueKeon Certificate Authority requires attributes not in Certificate Management Protocol (CMP) packets
Autovetted Certificate Management Protocol (CMP) Requests returned without any attributes
ResolutionTo correct this issue, go to KCA Administration --> Certificate Operations --> select the jurisdictions CA --> Configure --> Sections / Extension Profiles --> check the Enforce Profile Definition checkbox.

Additionally, attributes must be configured for the default profile for the CA. To determine the default profile for the CA, go to System Configuration --> CMP --> Shared Secrets and examine the Profile column. You can select the desired profile there.

To enable attributes in the selected profile, go to System Configuration --> Genera --> Extension Profiles --> select Profile from pulldown and click Edit. Select the Mandatory radio button for the desired attributes, and click edit to modify the scripts to supply default values. If no default values are supplied, the attribute will not be passed. 
Legacy Article IDa23280

Attachments

    Outcomes