A key recovery session only reads 1 card out of a 2 of 3 OCS then stops
Originally Published: 2003-04-15
Article Number
Applies To
Sun Solaris 2.8
Microsoft Windows 2000
Issue
Cause
Resolution
The first of your KRO operators goes to screen #1, connects to the Web page (https://machine:444/xpkrs/recover.html), inserts their smartcard into the nCipher system and authenticates. They then get the initial KRO administrator screen.
At the second screen, a second KRO vettor certificate must have been requested and downloaded. When a second person connects to the Web page (https://machine:444/xpkrs/recover.html) from that screen, they get a slightly different result: the actual screen needed to recover the specific key.
When the system is initially configured, a timeout for the OCS set is configured; thus, the two KRO operators need to have authenticated on their separate screens within that time interval.
You also need two KRO certificates (keypairs): you cannot simply copy a PKCS#12 file of one KRO administrator keypair between two browsers, because the system will recognize that the same keypair has been used.
Some versions of browsers will allow everything to be done on one single physical PC, where the system is able to recognize that two different browser applications should be treated independently.
Scenario 1 - correct method:
- With Internet Explorer 6.0 on Windows 2000, you may launch two copies of IE, then connect both to the KKRM Web page (xpkrs/recover.html), provided two different KRO keypairs exist on the PC. As you connect with each browser session, ensure that a different KRO certificate is selected for each session.
Scenario 2 - incorrect method:
- If you launch one copy of Internet Explorer, connect to the Web page, and then do "File | New Window", the second window would inherit the SSL credentials of the first, and hence both would connect with the same certificate (and therefore not work).
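The two scenarios and the timeout requirement above, as a simplified model added here for illustration (not RSA or nCipher code). The class name, the 300-second timeout and the certificate byte strings are assumptions; the model only shows why a second session presenting the same certificate, or arriving after the timeout, never completes the quorum.

```python
import hashlib


class RecoveryQuorum:
    """Hypothetical model: `required` distinct operator certificates
    must authenticate within `timeout_s` seconds of each other."""

    def __init__(self, required=2, timeout_s=300):
        self.required = required
        self.timeout_s = timeout_s
        self.seen = {}  # certificate fingerprint -> time first seen

    def authenticate(self, cert_der, now):
        # Drop authentications that fell outside the timeout window.
        self.seen = {fp: t for fp, t in self.seen.items()
                     if now - t <= self.timeout_s}
        fp = hashlib.sha256(cert_der).hexdigest()
        duplicate = fp in self.seen
        self.seen.setdefault(fp, now)
        if len(self.seen) >= self.required:
            return "recover"      # second operator reaches the recovery screen
        # Same keypair presented again: it cannot count as a second operator.
        return "duplicate" if duplicate else "waiting"


def run(events, required=2, timeout_s=300):
    """Replay (certificate, timestamp) events and return each outcome."""
    quorum = RecoveryQuorum(required, timeout_s)
    return [quorum.authenticate(cert, t) for cert, t in events]


# Constructed sample data: stand-ins for two KRO certificates.
KRO_A = b"constructed-cert-KRO-A"
KRO_B = b"constructed-cert-KRO-B"

SCENARIO_1 = [(KRO_A, 0), (KRO_B, 60)]   # two IE copies, different certificates
SCENARIO_2 = [(KRO_A, 0), (KRO_A, 60)]   # "File | New Window": same credentials
TOO_LATE = [(KRO_A, 0), (KRO_B, 400)]    # second operator misses the timeout

if __name__ == "__main__":
    for name, events in [("scenario 1", SCENARIO_1),
                         ("scenario 2", SCENARIO_2),
                         ("too late", TOO_LATE)]:
        print(name, run(events))
```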