How many levels of Sub-CA chaining are supported in Sentry CA 3.x?
Originally Published: 2001-07-24
Article Number
Applies To
TechNote 0131
Issue
Have the Sub-CA chaining more than 11 levels.
When starting Sentry CA services, the following error message appears:
The secure directory server does not appear to be reachable. Remember that you must start it before attempting to start the Web server. You will be unable to make client-authenticated connections to this server until you restart it with a running directory server.
test.xxxxx.com: error setting default verify locations:
[unable to contact directory server]
Cause
Resolution
For Netscape browsers to correctly follow this chain, all intermediate CAs must have the appropriate netscape_cert_type extension for the given protocol. So for SSL, intermediate CAs MUST have bit 5 (SSL CA) asserted (similarly, for S/MIME, intermediate CAs would need bit 6 - S/MIME CA - asserted). The Root CA does not need this assertion.
Related Articles
“An issue with handling encryption was encountered" with IBM JDK 1.8.0_281 and later in RSA Identity Governance & Lifecycle Number of Views RSA SecurID Web Tier is not working and has a status of "Offline" or "Offline, reinstall required" in the Authentication M… Number of Views Configure Audit Logging in the Cloud Administration Console Number of Views Checking name resolution and port connectivity for Web Tier instance on a supported Red Hat platform - RSA Authentication … Number of Views Workflow variable ${jobUserData_WorkItemURL} doesn't get resolved for email reminder workflow in RSA Identity Governance a… Number of Views
Don't see what you're looking for?
