Issue Description


The “Certificate Store Location” and “Certificate Store Name” settings for the REST and OData SmartObject Service type instances allowed the certificate store security model to be bypassed. Due to this a change in behavior is now introduced to no longer have these settings available.

Resolution

The fix is available in the following K2 versions:

K2 4.7 March 2018 Cumulative Update K2 Five (5.0) September 2018 Cumulative Update K2 Five (5.1) November 2018 Cumulative Update K2 Five (5.2) May 2019 Cumulative Update K2 Five (5.3)
X X X X Fix Pack 23
  1. Ensure you have the correct K2 version and/or Cumulative Update installed. See KB001893 to see what Fix Pack level you have installed.
  2. Download the latest Fix Pack using the links in the table above for the version you require.
  3. Install the Fix Pack to apply the fix.

Considerations


After installing this Fix Pack, the following error could occur if the configured certificate is not installed in the correct location: “Could not find a valid, matching certificate in the personal (CurrentUser\My) certificate store with your search method and value”.

Administrators should make sure that client certificates are installed under the CurrentUser\My store location.