Red Hat CERTIFICATE 8.0 RELEASE NOTES Installation Guide Page 31

Table 7. Known Issues

| Bug Number | Description | Workaround |
|---|---|---|
| 223299 | If a TKS master key is generated on a SafeNet LunaSA HSM, server-side key generation fails with the following error in the TKS debug log: "can't generate key encryption key". A similar message also appears in the debug log if server-side key generation is turned on: "TokenServlet: key encryption key generation failed for CUID". CUID is the card unique ID. | Do not use LunaSA HSMs to generate keys for the TKS subsystem. |
| 223343 | When an nCipher HSM is used for a Certificate System instance, the nfast group needs to include the user ID of the Certificate System instance process. For example, since default Certificate System instances run as pkiuser, the pkiuser group needs to be added as a member to the nfast group, if the Certificate System group has not already been added as a member. | Add the Certificate System user, such as pkiuser, as a member of the nfast group. |
| 223391 | If there are multiple enrollment operations using the tpsclient tool when server-side key generation is enabled in the TPS, then the DRM connection can time out before the TPS can generate the keys. The tool will then return the error "Failed to generate key on server. Please check DRM." | Edit the TPS CS.cfg configuration file and increase the timeout period for the connection to the DRM by adding the following line: conn.drm1.timeout=25 |
| 224837 | The configuration wizard is still available even after the subsystem instance configuration is complete. | |
| 224994 | CEP currently logs any authentication failures during enrollment to the system log. These should log to the audit log. | |
| 233024 | The auto enrollment proxy configuration is not added to everyone's profile. This typically occurs when configuring the auto enrollment proxy on Windows child domains where the local administrator does not have permission to modify the cn=configuration tree in Active Directory. The simplest workaround is to use the Run as .. option to authenticate as the primary domain controller administrator and to then try to modify the cn=configuration. This relates to the Populate AD option in AEP. | |
| 234884 | The Phone Home UI pops up for both enrolled and uninitialized tokens on RHEL4 and MAC OS X, even | Type in the Phone Home URL and proceed. |