RSA Certificate Manager (RCM)
Getting XrcLDAPUNABLE when calling XudaCASignCertificate and connecting to the Secure Directory over port 389
Getting XrcXUDAUNABLE when calling XudaParsePKCS10Request and connecting to the Secure Directory over port 636
Call of XudaParsePKCS10Request is done prior to setting the SSL/Cert/Key
Unable to sign certificate request using the RCM 6.7 API
The API must know of the client SSL certificate in order to connect to the Secure Directory.
The call XudaParsePKCS10Request needs to connect to the Secure Directory in order to retrieve the schema of the xuda_cert_req LDAP object. This is why, over port 389, the parse operation will succeed but the request will later fail to sign when calling XudaCASignCertificate.
Code snippet:
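/*
 * Sign a PKCS#10 request through the RCM API over an SSL connection to the
 * Secure Directory and return the issued certificate as PEM text.
 *
 * This is a fragment of a larger function: session, rc, ldapport, ldaphost,
 * certFile, keyFile, keyPassPhrase, pkcs10, juriID, camd5 and the output
 * variables are declared outside the snippet, as is the `cleanup` label.
 *
 * Ordering matters: the client SSL certificate and key must be set in the
 * session BEFORE XudaParsePKCS10Request, because that call already connects
 * to the Secure Directory to fetch the xuda_cert_req schema.
 */
if ((rc = XudaInit(&session, NULL)) != XrcOK)
{
    printf("Can't init!, result is %d\n", rc);
    goto cleanup;
}

printf("Setting CA port & address...\n");
rc = XudaSetResourceValue(session, XresCAPORT, ldapport, XresCAMACHINE, ldaphost, NULL);
if (rc != XrcOK)
{
    printf("Unable to point to remote CA: (%d) %s\n", rc, XC_XrcSymbol( rc ));
    goto cleanup;
}

/* Request SSL for the LDAP connection to the Secure Directory.
 * NOTE(review): the snippet does not show how the directory server's own
 * certificate is validated; confirm the trust configuration in the RCM
 * API documentation. */
rc = XudaSetResourceValue(session, XresSSLLDAP, 1, NULL);
if (rc != XrcOK)
{
    printf("Unable to set comms with CA over SSL (%d) %s\n", rc, XC_XrcSymbol( rc ));
    goto cleanup;
}

/* Load the client SSL certificate used to authenticate to the directory. */
sslCert = RSAKEON_BuildX509CertFromFile(certFile);
if (sslCert == NULL)
{
    /* The builder returns no status code, so set rc first; otherwise the
     * message would print the stale XrcOK left by the previous call. */
    rc = XrcOTHERERROR;
    printf("Unable to create extract SSL Cert (%d) %s\n", rc, XC_XrcSymbol( rc ));
    goto cleanup;
}
rc = XudaSetResourceValue(session, XresSSLCERTIFICATE, sslCert, NULL);
/* Released whether or not the set succeeded; presumably the session keeps
 * its own copy of the value (confirm against the API documentation). */
XudaFree(sslCert);
if (rc != XrcOK)
{
    printf("Unable to set SSL Cert in session (%d) %s\n", rc, XC_XrcSymbol( rc ));
    goto cleanup;
}

/* Crypto info that carries the passphrase needed to decrypt the key file. */
rc = XudaCreateCryptoInfo( session, NULL, 0, 0, 0, "XCSP Default Provider", &decryptInfo );
if ( rc != XrcOK )
{
    printf("Unable to create crypto info (%d) %s\n", rc, XC_XrcSymbol( rc ));
    goto cleanup;
}
/* keyPassPhrase protects the private key in keyFile: keep it out of source
 * code and log output, and clear the buffer once it is no longer needed. */
rc = XudaModifyCryptoInfo( session, decryptInfo, "password", XudaXPTUTF8Temp(keyPassPhrase), NULL );
if ( rc == XrcOK )
    rc = XudaSetResourceValue( session, XresCRYPTODECRYPT, decryptInfo, XresNULL );
if ( rc != XrcOK )
{
    printf("Unable to set callback for decrypt (%d) %s\n", rc, XC_XrcSymbol( rc ));
    goto cleanup;
}

/* Read the client private key (decrypted via the crypto info set above). */
rc = XudaKeyReadFromFile( session, keyFile, &key );
if (rc != XrcOK)
{
    printf("Unable to create extract SSL Key (%d) %s\n", rc, XC_XrcSymbol( rc ));
    goto cleanup;
}
sslKey = (void *)key;
rc = XudaSetResourceValue(session, XresSSLKEY, sslKey, NULL);
/* Same ownership assumption as for sslCert above. */
XudaFree(sslKey);
if (rc != XrcOK)
{
    printf("Unable to set SSL Key in session (%d) %s\n", rc, XC_XrcSymbol( rc ));
    goto cleanup;
}

/* SSL certificate and key are now in the session, so the directory lookup
 * performed by the parse call can authenticate. */
printf("Performing XudaParsePKCS10Request...\n");
rc = XudaParsePKCS10Request(session, XudaXPTUTF8Temp((char *)pkcs10), &certRequest);
/* Check the status as well as the pointer: the pointer alone does not
 * prove that the call succeeded. */
if (rc != XrcOK || certRequest == NULL)
{
    if (rc == XrcOK)
        rc = XrcOTHERERROR;   /* never leave with a success code and no request */
    printf("Unable to parse CSR, result is (%d) %s\n", rc, XC_XrcSymbol( rc ));
    goto cleanup;
}

/* The jurisdiction is optional and only set when the caller supplied one. */
if (juriID != NULL)
{
    rc = XudaSetResourceValue(session, XresJURISDICTION, XudaXPTUTF8Temp(juriID), NULL);
    if (rc != XrcOK)
    {
        printf("Unable to set jurisdiction in session (%d) %s\n", rc, XC_XrcSymbol( rc ));
        goto cleanup;
    }
}

/* 31556926 is presumably a number of seconds (about one year); confirm the
 * unit and that the value matches the CA's issuance policy. */
printf("Setting validity period...\n");
rc = XudaSetResourceValue(session, XresVALIDITYPERIOD, 31556926, NULL);
if (rc != XrcOK)
{
    printf("Unable to set XresVALIDITYPERIOD, (%d) %s\n", rc, XC_XrcSymbol( rc ));
    goto cleanup;
}

printf("Setting Certificate Request in session...\n" );
rc = XudaSetResourceValue(session, XresCERTREQUEST, certRequest, NULL);
if (rc != XrcOK)
{
    printf("Unable to set XresCERTREQUEST, (%d) %s\n", rc, XC_XrcSymbol( rc ));
    goto cleanup;
}

/* camd5 selects the signing CA (presumably the CA's MD5 identifier; verify). */
printf("Performing XudaCASignCertificate...\n" );
rc = XudaCASignCertificate(session, XudaXPTUTF8Temp(camd5), certRequest, &issuedCert, NULL);
if (rc != XrcOK)
{
    printf("error signing request, (%d) %s\n", rc, XC_XrcSymbol( rc ));
    goto cleanup;
}

/* Convert the issued certificate to PEM, then to a UTF-8 C string. */
printf("Performing XudaCertificateToPEM...\n" );
rc = XudaCertificateToPEM (session, issuedCert, &certText);
if (rc != XrcOK)
{
    printf("error converting cert to PEM, (%d) %s\n", rc, XC_XrcSymbol( rc ));
    goto cleanup;
}

printf("Performing XudaXPTUTF8Get...\n" );
rc = XudaXPTUTF8Get(certText, &signedCertText);
if (rc != XrcOK)
{
    printf("error XudaXPTUTF8Get, (%d) %s\n", rc, XC_XrcSymbol( rc ));
    goto cleanup;
}

printf("Performing cleanup..." );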