000021277 - RSA Keon Certificate Authority Admin reloads during LDAP SEARCH for all active certificates

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021277
Applies ToKeon Certificate Authority 6.0.2
Microsoft Windows 2000 Server SP4
Apache
IssueRSA Keon Certificate Authority Admin reloads during LDAP SEARCH for all active certificates
Intermittently during certificate external publishing process (usually after 5 or 6 successful postings), the KCA Admin service appears to fail. The page is not available, and there is a message in the application event log that the KCA Admin service has reloaded.
When the Publish button is clicked on approved certificates, the Apache administration server occasionally reloads (crashes). This does not cause a disruption in service, since the server automatically starts again.
CauseThe problem was in XudaCAPublishCertificate(), the manual publishing Keon API function. The crash occurred because a XANY object was freed twice. The temporary object was created by the xparse wrapping code, and passed to the Keon API function. Within XudaCAPublishCertificate(), XudaXPTIA5Get() was called for that object. Because the object was temporary, XudaXPTIA5Get() freed it, but without initializing it to NULL. In the cleaning part of XudaCAPublishCertificate(), the same object was freed the second time, generating an Apache crash.
ResolutionThis issue has been resolved in a hot fix to RSA Keon Certificate Authority 6.0.2. Contact RSA Security Customer Support and asked for the hot fix for KCA 6.0.2 build 119 or newer.
Legacy Article IDa21852

Attachments

    Outcomes