Publishing certificates with multiple OU values
Originally Published: 2003-01-07
Article Number
Applies To
Sun Solaris 2.8
Microsoft Windows 2000
Issue
confirmEntry: unable to locate or add entry [CN=John Doe, OU=IT Dept, OU=Security, OU=Acme Class3 CA, O=Acme Inc., dc=cert,dc=acme, dc=com]
Cause
dc=cert,dc=acme, dc=com
O=Acme Inc.
OU=Acme Class3 CA
The external publishing of Keon Certificate Authority has been configured as follows:
Base DN: dc=cert,dc=acme, dc=com
Certificate DN: CN,OU,O
A bug in version 6.0.2 allowed certificates with multiple OU values to be published to this point; the bug has now been corrected in KCA 6.5, and the same publishing scheme will value the given error.
Resolution
Base DN: OU=Acme Class3 CA,O=Acme Inc.,dc=cert,dc=acme, dc=com
Certificate DN: CN
This will now mean that only the CN value is used from the certificate and will publish to the OU=Acme Class3 CA part of your tree.
Workaround
Related Articles
How to publish CA certificate and user certificate under the same OU ? Number of Views Leaver Rule–Deprovision is not moving Disabled Accounts to the Disabled OU in RSA Governance & Lifecycle Number of Views How to Include or Exclude an Active Directory OU from the Microsoft LDAP directory on RSA Authentication Manager 8.x Number of Views Anti-virus agent best practices for enVision Number of Views What is the impact of a domain migration in RSA Identity Governance and Lifecycle Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Mandatory Certificate Upgrade Required by 6th October 2025 for RSA MFA Agent for PAM, RSA MFA Agent for Apache, and Third … RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
