Why does OneStep generate two certificates if key-recovery is enabled in target jurisdiction?
Originally Published: 2006-12-21
Article Number
Applies To
RSA Certificate Manager 6.6
RSA Certificate Manager OneStep
RSA Certificate Manager using OneStep sample
RSA Certificate Manager OneStep 6.6
Issue
OneStep CGI generates two certificates when the key-recovery option is enabled in the target jurisdiction. There is apparently no way to configure OneStep to issue only one certificate and suppress the second. The second certificate is a key-recoverable encryption certificate, issued for each certificate obtained through OneStep.
If the key-recovery option is disabled in the target jurisdiction configuration, the second certificate (the key-recoverable encryption certificate) is not issued automatically.
The p12 file for encryption is zero (0) bytes in size.
Resolution
OneStep CGI in Build 307 has been updated to support OneStep plug-in version KCSOSV_VERSION_6. If the plug-in version is set to KCSOSV_VERSION_4 or KCSOSV_VERSION_5, OneStep CGI generates two certificates if the jurisdiction is key-recovery enabled. If the plug-in version is set to KCSOSV_VERSION_6, two certificates (including the key-recoverable encryption certificate) are generated only when all of the following conditions are true; otherwise only one certificate is generated:
-- The jurisdiction used by OneStep is key-recovery enabled
-- KCSOSD_KRCERT_GENERATE is set (to any value); other corresponding OneStep key-recovery parameters remain optional, as documented in the RSA OneStep Developer's Guide
-- KCSOSD_KEYUSAGE is set to KCSOSV_KEYUSAGE_SIGNING
In the OneStep HTML file enroll_msie_flat.html, add these two lines:
<INPUT TYPE="HIDDEN" NAME="KCSOSD_KEYUSAGE" VALUE="KCSOSV_KEYUSAGE_SIGNING">
<INPUT TYPE="HIDDEN" NAME="KCSOSD_KRCERT_GENERATE" VALUE="TRUE">
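To audit an enrollment form against the rule above, the following added example (not RSA code and not part of the original article) reads the hidden inputs from the form HTML and reports how many certificates the Resolution text predicts. The function names and the sample form are constructed for illustration, and the plug-in version and jurisdiction setting are passed in as arguments because the article does not say where they are stored.

```python
from html.parser import HTMLParser

class HiddenInputs(HTMLParser):
    """Collect NAME -> VALUE for every <INPUT TYPE="HIDDEN"> element."""
    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values keep their case.
        a = {k: (v or "") for k, v in attrs}
        if tag == "input" and a.get("type", "").lower() == "hidden" and "name" in a:
            self.fields[a["name"]] = a.get("value", "")

def hidden_fields(html):
    """Return the hidden form fields of an enrollment page as a dict."""
    parser = HiddenInputs()
    parser.feed(html)
    parser.close()
    return parser.fields

def expected_certificates(plugin_version, jurisdiction_key_recovery, fields):
    """Apply the rule stated in the Resolution section; returns 1 or 2."""
    if not jurisdiction_key_recovery:
        return 1  # no key-recoverable encryption certificate is issued
    if plugin_version in ("KCSOSV_VERSION_4", "KCSOSV_VERSION_5"):
        return 2  # older plug-in versions: the form fields are not consulted
    if plugin_version == "KCSOSV_VERSION_6":
        # Assumption: "set (to any value)" means the field is present in the form.
        krcert_set = "KCSOSD_KRCERT_GENERATE" in fields
        signing = fields.get("KCSOSD_KEYUSAGE") == "KCSOSV_KEYUSAGE_SIGNING"
        return 2 if (krcert_set and signing) else 1
    raise ValueError("plug-in version not covered by the article: %r" % plugin_version)

# Constructed sample: a minimal form carrying the two lines from the article.
SAMPLE_FORM = """<FORM METHOD="POST">
<INPUT TYPE="HIDDEN" NAME="KCSOSD_KEYUSAGE" VALUE="KCSOSV_KEYUSAGE_SIGNING">
<INPUT TYPE="HIDDEN" NAME="KCSOSD_KRCERT_GENERATE" VALUE="TRUE">
</FORM>"""

if __name__ == "__main__":
    fields = hidden_fields(SAMPLE_FORM)
    for version in ("KCSOSV_VERSION_5", "KCSOSV_VERSION_6"):
        print(version, "->", expected_certificates(version, True, fields))
```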