Under CA Options on RRM failure when downloading a CRL or CA
3 years ago
Originally Published: 2012-02-07
Article Number
000060699
Applies To
RSA Registration Manager (RRM)
RSA Registration Manager 6.8
Microsoft Windows Server 2008 R2
Issue
Under CA Options on RRM, failure when downloading a CRL or CA
Browsing to the RM's enrollment portal, selecting CA Options, and trying to download a CRL fails with this screen:

!LDAP Search():  [XrcXUDAUNABLE] unable to contact directory server.
After browsing to the RM's enrollment portal and selecting CA Options, an error occurs when attempting to download the CA certificate:

send-ca-cert.xuda: Line 434: [XrcXUDAUNABLE] unable to contact directory server. Download CA certificate failed.
Cause
RRM needs both ports 389 and 636 open to contact the RCM.
Port 389 is still used by RRM to get some objects from RCM.
Downloading a CRL or CA certificate is not treated as an operation that needs a secure channel (those are signed objects), so RRM uses the non-SSL port for it.
Resolution
The following ports must be opened in the firewall to allow communication between RRM and RCM:

Protocol    Port    Transport    Notes
--------    ----    ---------    -----------------------------------------
LDAP         389       TCP       Used to access the XUDA Directory Server
LDAPS        636       TCP       LDAP over SSL

NOTE: This assumes the RCM ports were not changed from their defaults during the installation process.
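To confirm from the RRM host that both ports in the table are reachable on the RCM server, the following check can be used. It is an added example, not part of the original article; the host name is a placeholder, and it relies on System.Net.Sockets.TcpClient so that it runs on the PowerShell 2.0 included with Windows Server 2008 R2.

```powershell
# Added example: TCP reachability check from the RRM host to the RCM directory ports.
# The default host name below is a placeholder; pass your RCM server name instead.
param(
    [string]$RcmHost   = 'rcm.example.internal',  # placeholder, not from the article
    [int]   $TimeoutMs = 3000
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)

    $client = New-Object System.Net.Sockets.TcpClient
    $status = 'Open'
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            # No reply at all within the timeout: usually a firewall dropping the packets.
            $status = 'Timeout (likely filtered by a firewall)'
        }
        else {
            # EndConnect throws if the connection was refused or the name did not resolve.
            $client.EndConnect($async)
        }
    }
    catch {
        # "Actively refused" here means the host answered but nothing listens on the port.
        $status = 'Failed: ' + $_.Exception.GetBaseException().Message
    }
    finally {
        $client.Close()
    }

    New-Object PSObject -Property @{
        Host   = $ComputerName
        Port   = $Port
        Status = $status
    }
}

# Default ports from the table above: LDAP (389) and LDAP over SSL (636).
$results = foreach ($port in 389, 636) {
    Test-TcpPort -ComputerName $RcmHost -Port $port -TimeoutMs $TimeoutMs
}

$results | Select-Object Host, Port, Status | Format-Table -AutoSize
```

A timeout on 389 with 636 open matches the symptom in this article: the firewall allows LDAPS but blocks the plain LDAP port that RRM uses for CRL and CA certificate downloads.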
To only use LDAP over SSL (port 636) from RRM to RCM, comment out the following line in the send-ca-cert.xuda file:

[@secureRemote=no]