Knowledge Base

Scenario

When you have a certificate for "mail_firstName=Firstame", "mail_lastName=Lastname", mail_email=test1@test.com   

later when you try to create a certificate for "mail_firstName=Firstame", "mail_lastName=Lastname", mail_email=test5@test.com", then you may receive the error

(A604)

"A certificate has already been issued with this enrollment information."! 

Cause

The subject DN must be unique for certificates to be created with the same SMIME profile.

Solution

In the Certificate profile there is no "mail_firstName" or "mail_lastName" defined. There only is a "Common Name (CN)". The policy defines three mandatory fields: mail_firstName, mail_lastName and mail_email. 

Edit the profile in the PKI Manager and add "Email" to the "Subject DN" to make the subject DN unique. After updating the policy a fourth mandatory field "emailAddress" can be populated.