Article Content
Article Number | 000038779 |
Applies To | RSA Product Set: SecurID Access RSA Product/Service Type: Authentication Manager RSA Version/Condition: 8.4 patch 4 and above |
Issue | Attempting to connect RSA Authentication Manager to the Cloud Authentication Service through a proxy server from the Security Console (Home > Configure the connection), fails with the following messages: Failed to register to the Cloud Authentication Service Connection failed to Cloud Authentication Service The /opt/rsa/am/server/logs/imsTrace log from the RSA Authentication Manager server shows: 2020-04-17 14:22:07,977, [[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'], (CASApiAdminOperationsImpl.java:624), trace.com.rsa.internal.admin.casapimgmt.impl.CASApiAdminOperationsImpl, INFO, <Authentication Manager hostname>,,,,processRequest: casRegistration 2020-04-17 14:22:08,052, [[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'], (CASApiAdminOperationsImpl.java:644), trace.com.rsa.internal.admin.casapimgmt.impl.CASApiAdminOperationsImpl, ERROR, <Authentication Manager hostname>,,,,Failed to initialize connection javax.net.ssl.SSLException: Certificate not verified Caused by: com.rsa.sslj.x.aL: Certificate not verified. at com.rsa.sslj.x.bh.a(Unknown Source) at com.rsa.sslj.x.bh.a(Unknown Source) at com.rsa.sslj.x.bh.a(Unknown Source) ... 86 more Caused by: java.security.cert.CertificateException: the certificate chain is not trusted, Could not validate path. at com.rsa.sslj.x.ck.a(Unknown Source) at com.rsa.sslj.x.ck.checkServerTrusted(Unknown Source) at com.rsa.sslj.x.aF.a(Unknown Source) ... 89 more 2020-04-17 14:22:08,058, [[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'], (CASApiAdminOperationsImpl.java:406), trace.com.rsa.internal.admin.casapimgmt.impl.CASApiAdminOperationsImpl, ERROR, <Authentication Manager hostname>,,,,Unable to set connection com.rsa.admin.casapimgt.CASConnectionManagerException: Authentication Manager cannot connect to Cloud Authentication Service. Connection failed. |
Cause | This error occurs with the combination of the proxy server using SSL Termination for the connection from RSA Authentication Manager to the Cloud Authentication Service and RSA Authentication Manager not trusting the certificate from the proxy server. |
Resolution | There are two ways to resolve this issue:
|