?KMClient: Error getting key from KMS: Error from server: Access Denied?
3 years ago
Originally Published: 2008-12-18
Article Number
000051826
Applies To
RSA Key Manager Server 2.1.1
Microsoft 2003 Server SP1
RSA Key Manager C Client
Issue
?KMClient: Error getting key from KMS: Error from server: Access Denied?

The KMS server is returning the following error:

       ?KMClient: Error getting key from KMS: Error from server: Access Denied?


Running test tool getKey - byKeyClass an the following error was thrown:

       Failed to retrieve key after 3 retries
       KMClient: Error getting key from KMS: Error from server: Access Denied  
       GetKey failed: Error code = 4780018

/var/log/httpd/ssl_request_log:

       TLSv1 RC4-MD5 CN=Certificate "POST /KMS/rpc/emu HTTP/1.1"


Cause
The key class on KMS is not configured to auto-generate keys.

The cipher is not supported on the Key Manager Server.

To check the list of ciphers check the SSLCipherSuite directive in /etc/httpd/conf.d/ssl.conf on the Key.


Resolution
Verify that the KeyClass exist and that a key has been generated under the KeyClass or auto-generate key has been enabled for testing.
Validate that the cipher being used is supported.  If supported check enableFIPS(by default FIPS is set to true) in the client configuration file.  The RC4-MD5 cipher is not FIPS.
Notes
To change the client certificate to be FIPS check primus solution a58296: How to recreate a PKCS#12 and/or to change PKCS#12 password?

Related Articles

Trending Articles

Don't see what you're looking for?