000037678 - RSA Authentication Manager Prime Help Desk Admin (HDAP) and/or Self-Service Portal (SSP) not accessible after upgrade to RSA Authentication Manager 8.4

Document created by RSA Customer Support Employee on Jul 24, 2019
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000037678
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager, Authentication Manager Prime
RSA Version/Condition: 8.4
IssueAfter upgrading to RSA Authentication Manager 8.4, users aren't able to login to the Authentication Manager Prime Help Desk Admin Portal (HDAP) and/or Self Service Portal (SSP). If you check the log file <AMIS_installation_directory>/logs/am8.log, the following error will appear:

Could not access HTTP invoker remote service at [/ims-ws/httpinvoker/CommandServer]; nested exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
CauseRSA Authentication Manager 8.4 mandates TLS 1.2 in strict mode. Java versions prior to JRE/JDK 8.x do not. When AMIS running JRE 7 or older sends a client hello using a protocol other than TLS 1.2 to Authentication Manager 8.4 during the SSL handshake, Authentication Manager refuses to complete the handshake. 
ResolutionFollow these steps to resolve this issue:
  1. Download and Install Java JRE 8 or higher on the system where Authentication Manager Prime is installed.
  2. Stop all Authentication Manager Prime services (i.e., AMIS, SSP, HDAP).
  3. Point Tomcat to the newly installed Java location. Refer to article 000030993 - RSA Authentication Manager Prime services fail to start after Java update on a Windows server: Error Failed creating java for more information.
  4. Start all Prime services