Code Fix: Settings on the REST and OData SmartObject service type allowed the certificate store security model to be bypassed
KB003384
PRODUCT
Issue Description
The “Certificate Store Location” and “Certificate Store Name” settings for the REST and OData SmartObject Service type instances allowed the certificate store security model to be bypassed. Due to this a change in behavior is now introduced to no longer have these settings available.
Resolution
The fix is available in the following K2 versions:
K2 4.7 March 2018 Cumulative Update | K2 Five (5.0) September 2018 Cumulative Update | K2 Five (5.1) November 2018 Cumulative Update | K2 Five (5.2) May 2019 Cumulative Update | K2 Five (5.3) |
---|---|---|---|---|
X | X | X | X | Fix Pack 23 |
- Ensure you have the correct K2 version and/or Cumulative Update installed. See KB001893 to see what Fix Pack level you have installed.
- Download the latest Fix Pack using the links in the table above for the version you require.
- Install the Fix Pack to apply the fix.
Considerations
After installing this Fix Pack, the following error could occur if the configured certificate is not installed in the correct location: “Could not find a valid, matching certificate in the personal (CurrentUserMy) certificate store with your search method and value”.
Administrators should make sure that client certificates are installed under the CurrentUserMy store location.