|Applies To||RSA Product Set: Certificate Manager, Registration Manager|
RSA Version/Condition: 6.7, 6.8, 6.9
Platform: Microsoft Internet Explorer 6.0 SP2
|Issue||The error below shows on the browser when an RSA Certificate Manager (RCM) administrator attempts to approve an RSA Registration Manager's (RRM's) request for access to an additional jurisdiction, through RCM administrative interface -> Administrator Operations workbench -> RM Jurisdictions -> request-active.|
After receiving the above error on the browser, the RRM request does not show on RCM under request-active or request-approved options of RCM administrative interface -> Administrator Operations workbench -> RM Jurisdictions.
After receiving the above error on RCM, the jurisdiction to which a request was made from RRM is still listed under disabled jurisdictions (RRM administrative interface -> Administrator Operations workbench -> Jurisdictions -> disabled option) and it can not be removed from the list (as there's no checkbox against it).
|Cause||The RCM LDAP ACLs either does not have the following rule or if it exists, there's a typo in the md5 of the admin.cert in the rule (this rule must be placed after the rule for access to filter="objectclass=gid"): |
[Note that the value 333888813334444666667777 shown in the rule below is an assumed md5 value for admin.cert and would be different for each RCM installation.]
|Resolution||Add an LDAP ACL as shown above (with the correct md5), or update the rule with correct md5 of RCM's admin.cert. This admin.cert is found at the RCM under \RSA_CM\Webserver\ssl\certs.|
Additionally, RSA Registration Manager must be updated as listed below to allow another request for the jurisdiction that is in the disabled list on RRM but does not show up on RCM due to the problem described above:
|Legacy Article ID||a39032|