Can /KMS/provider be accessed through a browser or other HTTP clients for checking system health
3 years ago
Originally Published: 2007-10-09
Article Number
000061136
Applies To
RSA Key Manager Server 2.0.2
Microsoft Windows 2003 Server SP1
Issue
Can /KMS/provider be accessed through a browser or other HTTP clients for checking system health
Accessing /KMS/provider through a browser or other HTTP clients (non-RKM Client) produces the following page (regardless of the HTTP or HTTPS protocol used, and whether accessed through a web server proxy or directly on the application server):

KMS Provider
To Protect and Serve
Error "Client failed to provide certificate" shows up in RSA Key Manager server logs:

ERROR TP-Processor3 com.rsa.kms.transport.servlet.ProviderServlet - Client failed to provide certificate
com.rsa.kms.key.support.KeyProviderException: Client failed to provide certificate
at com.rsa.kms.key.provider.DefaultKeyProviderManager.e(DashoA10*..:184)
at com.rsa.kms.key.provider.DefaultKeyProviderManager.a(DashoA10*..:103)
at com.rsa.kms.key.provider.DefaultKeyProviderManager.init(DashoA10*..:82)
at com.rsa.kms.transport.servlet.ProviderServlet.performGet(DashoA10*..:66)
...
User needs to monitor that KMS is still responding, thus will use /KMS/provider in a load balancer configuration
Cause
Though it is not intended for that purpose, the URL /KMS/provider can be used for system monitoring. However, keep in mind that doing so will generate a java exception 30 lines long each time the URL is accessed with a browser, or with a script.
Resolution
As of June 2010, there is a hotfix available for RKM Server 2.5.0.x (URL for system health check is /KMS/diagnostics.jsp). Please contact RSA Customer Support and reference the RFE KMSRV-248.

/KMS/diagnostics.jsp is also available in RKM Server 2.7.1.1.  Please contact RSA Customer Support and request RKM Server 2.7.1.1 or a later fix if your RKM Server is at version 2.7SP1.
Notes
BZ69011
KMSRV-248
Don't see what you're looking for?