Xudad crashes when a certificate request is submitted via OneStep
Originally Published: 2008-12-22
Article Number
Applies To
RSA Certificate Manager OneStep 6.8
Mozilla FireFox 3.0
Issue
RSA Certificate Manager (RCM) Secure Directory Server (Xudad) crashes when a certificate request is made via OneStep using a test html page on Firefox 3.0.1 browser on Windows. The same request submitted via Microsoft Internet Explorer (MSIE) does not result in the crash.
Cause
**************************
Names Supplied by the Browser
The following names are required for certificate generation. They should be supplied by the enrollment page, not by the plug-in, because the end user's browser creates the key pair.
Name: KCSOSD_PUBLICKEY
Description/Value: The public key of the end user to be placed in the generated certificate. The format of the public key depends on the browser being used. For Microsoft Internet Explorer browsers, the key is in the PKCS #10 generated by XEnroll.cab. For Netscape Navigator, Mozilla Firefox, and Mozilla browsers, the key is in SubjectPublicKeyInfo format. The PKCS #10 is parsed, and only the SubjectPublicKeyInfo is used. The remaining values in the PKCS #10, such as Subject Distinguished Name, attributes, and so on, are ignored. These values must be specified in the other name/value pairs.
**************************
The value KCSOSD_PUBLICKEY for MSIE should be a complete PKCS#10. For Netscape or FireFox, the value should be only SubjectPublicKeyInfo value. For OneStep, RCM checks the browser type. If it is MSIE, it retrieves SPKI from PKCS#10 and sets the SPKI value properly. For Netscape type of browsers, such as FireFox, it sets the value directly.
Resolution
While the test html page used with OneStep was incorrectly constructed (as explained above), Xudad should not have crashed. RSA Certificate Manager 6.8, Build 516, fixes the crash problem. A certificate will still not be issued when KCSOSD_PUBLICKEY is not set with correctly formatted value, however Xudad will not crash.
Workaround
Notes
Related Articles
This request contains no changes. It cannot be submitted error when adding entitlement belonging to a role in RSA Identity… Number of Views Accounts created from Change requests that have not been fully submitted in RSA Identity Governance and Lifecycle Number of Views A Business Role Request with an existing unsuccessful Pending Submission Request that creates a Pending Account can still … Number of Views RSA SecurID On-Demand Authentication (ODA) requires submitting the token within two minutes or 120 seconds after the PIN i… Number of Views In RSA Identity Governance & Lifecycle the warning 'No CSRF guard token was found in the submitted request' is encountered… Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Mandatory Certificate Upgrade Required by 6th October 2025 for RSA MFA Agent for PAM, RSA MFA Agent for Apache, and Third … RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
