RSA Key Manager Server
Microsoft Windows 2003 Server SP1
Apache Tomcat 5.5.20
RKM Server
RKM Client
The RKM Server log file (e.g. C:\Program Files\Apache Software Foundation\Tomcat 5.5\logs\key-manager.log) contains the following error when trying to retrieve a key:
com.rsa.kms.key.support.KeyProviderException: Client failed to provide certificate
or in RKM Server 2.1.2:
com.rsa.keymanager.access.certificate.DefaultCertificateIdentityEstablisher - Request does not contain a certificate.
or
com.rsa.keymanager.access.framework.AuthenticationException: The identity of the request could not be established.
When trying to retrieve a key, the RKM C Client API returns:
ERROR: 20010
If you are using the RKM 2.11 Java Client, running a sample (e.g. CheckConfig) gives the following output:
[java] Attempting to contact Key Manager Server
[java] Key Manager Server IS NOT AVAILABLE
[java] Possible reasons why the sample code is unable to access the
[java] server are:
[java] - The Key Manager server has not been started
[java] - The Key Manager server Master Password has not been entered
[java] - The Key Manager server host name or IP address in the
[java] configuration file is incorrect
[java] - The Key Manager server port number in the configuration file is
[java] incorrect
[java] - The Key Manager server certificate as configured at the client
[java] is not the correct certificate
[java] - An identity matching the client certificate has not been
[java] configured on the server
[java] - RSA Access Manager has not been correctly configured
[java] - The Web Server has not been correctly configured
RKM Java Client 1.5.x shows an "Access Denied" message, e.g.:
com.rsa.kmclient.KMSException: Unable to perfrom decryption : error : Unable to get a vaild key from KMS Server: Unable to get key from KMS Server : KMS Response error : KMSError from KMS Server : error : Access Denied
If you are using IIS 6:
Open IIS Manager. Under Web Sites, right-click your Default Web Site and select Properties.
Click on the "Directory Security" tab -> Edit Secure Communications -> Select "Accept Client Certificate".
Click OK to close.
If you are using IIS 7:
1. Start IIS Manager (Server Manager > Roles > Web Server (IIS) > Internet Information Services)
2. Click on the Web Site
3. Double-click on SSL Settings
4. Under Client certificates, make sure that "Accept" or "Require" is selected
If you are using Apache:
Edit your httpd.conf (or httpd.d/ssl.conf), and look for SSLVerifyClient. Set it to the following:
SSLVerifyClient optional
SSLVerifyDepth 10
SSLOptions +StdEnvVars +ExportCertData
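As an added example (not RSA code and not part of the original article), the following shell function checks an Apache configuration file for the three settings above and exits non-zero when SSLVerifyClient or either SSLOptions flag is missing. The names check_client_cert_conf and demo are hypothetical, the sample configuration is constructed, and the check assumes the last value in the file wins, without resolving <VirtualHost>/<Directory> scoping or Include files.

```shell
#!/bin/sh
# Added example (not RSA code). Assumption: the last value in the file wins;
# <VirtualHost>/<Directory> scoping and Include files are not resolved.
check_client_cert_conf() {   # usage: check_client_cert_conf FILE
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        { d = tolower($1) }                     # directive names are case-insensitive
        d == "sslverifyclient" { verify = tolower($2) }
        d == "sslverifydepth"  { depth = $2 }
        d == "ssloptions" {
            # A bare option (no +/- prefix) replaces the current set instead of merging.
            for (i = 2; i <= NF; i++) if ($i !~ /^[+-]/) { stdenv = 0; expcert = 0 }
            for (i = 2; i <= NF; i++) {
                on = ($i !~ /^-/); o = tolower($i); sub(/^[+-]/, "", o)
                if (o == "stdenvvars")     stdenv  = on
                if (o == "exportcertdata") expcert = on
            }
        }
        END {
            bad = 0
            # "optional" is the article value; "require" is stricter and also requests a certificate.
            if (verify == "optional" || verify == "require") print "OK   SSLVerifyClient " verify
            else { print "FAIL SSLVerifyClient is " (verify == "" ? "unset" : verify) ", expected optional"; bad = 1 }
            if (stdenv) print "OK   SSLOptions +StdEnvVars"
            else { print "FAIL SSLOptions lacks +StdEnvVars"; bad = 1 }
            if (expcert) print "OK   SSLOptions +ExportCertData"
            else { print "FAIL SSLOptions lacks +ExportCertData"; bad = 1 }
            print "NOTE SSLVerifyDepth " (depth == "" ? "unset" : depth) " (article uses 10)"
            exit bad
        }
    ' "$1"
}

demo() {   # constructed sample holding the three directives from the article
    tmp=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' 'SSLVerifyClient optional' \
        'SSLVerifyDepth 10' 'SSLOptions +StdEnvVars +ExportCertData' > "$tmp"
    check_client_cert_conf "$tmp"; rc=$?
    rm -f "$tmp"; return $rc
}

# With a file argument, check that file; otherwise run the constructed sample.
if [ $# -gt 0 ]; then check_client_cert_conf "$1"; else demo; fi
```

Run it against the file that actually carries the SSL virtual host definition, then restart Apache after any change.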