A key recovery session only reads 1 card out of a 2 of 3 OCS then stops
Originally Published: 2003-04-15
Article Number
Applies To
Sun Solaris 2.8
Microsoft Windows 2000
Issue
Cause
Resolution
The first of your KRO operators goes to Screen #1, connects to the Web page (https://machine:444/xpkrs/recover.html) , puts their smartcard in the nCipher system and authenticates. Having done this, they will get the initial KRO administrator screen.
At the second screen, where a second KRO vettor certificate has been requested and downloaded and a second person connects to the Web page (https://machine:444/xpkrs/recover.html) , they will get a slightly different result, they will get the actual screen needed to recover the specific key.
When the system is initially configured, a timeout for the OCS set is configured; thus, the two KRO operators need to have authenticated on their separate screens within that time interval.
You also need to have two KRO certificates (keypairs), as you cannot simply copy a PKCS#12 file of one KRO administrator keypair between two browsers - the system will recognize that the say keypair has been used.
Some versions of browsers will allow everything to be done on one single physical PC, where the system is able to recognize that two different browser applications should be treated independently.
Scenario 1 - correct method:
- Internet Explorer 6.0 on Windows 2000, you may launch two copies of IE, then connect both to the KKRM Web page (xpkrs/recover.html) where two different KRO keypairs exist on the PC. As you connect with each browser session, ensure that a different KRO certificate is selected for each of the sessions.
Scenario 2 - incorrect method:
- If you launch one copy of Internet Explorer, connect to the Web page, and then do "File | New Window", the second window would inherit the SSL credentials of the first, and hence both would connect with the same certificate (and therefore not work).
Related Articles
Recovery from Incorrect Network Settings Number of Views Cherry Smart Card-Reader stops working after the RSA Authentication Agent for Windows is installed Number of Views Where in enVision can we see which row was the last to be retrieved by the DB? Number of Views The approval workflow isn't working as expected when grouping by business source in the request form with the provisioning… Number of Views How to update an Active Directory Account Attribute to have no value <not set> using an Active Directory AFX Connector in … Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.8 Setup and Configuration Guide
Don't see what you're looking for?
