Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000038779 - Connection fails to Cloud Authentication Service when connecting through a proxy server from RSA Authentication Manager to the RSA SecurID Access Cloud Authentication Service

Document created by RSA Customer Support

on Apr 29, 2020

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000038779
Applies To	RSA Product Set: SecurID Access RSA Product/Service Type: Authentication Manager RSA Version/Condition: 8.4 patch 4 and above
Issue	Attempting to connect RSA Authentication Manager to the Cloud Authentication Service through a proxy server from the Security Console (Home > Configure the connection), fails with the following messages: Failed to register to the Cloud Authentication Service Connection failed to Cloud Authentication Service The /opt/rsa/am/server/logs/imsTrace log from the RSA Authentication Manager server shows: 2020-04-17 14:22:07,977, [[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'], (CASApiAdminOperationsImpl.java:624), trace.com.rsa.internal.admin.casapimgmt.impl.CASApiAdminOperationsImpl, INFO, <Authentication Manager hostname>,,,,processRequest: casRegistration 2020-04-17 14:22:08,052, [[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'], (CASApiAdminOperationsImpl.java:644), trace.com.rsa.internal.admin.casapimgmt.impl.CASApiAdminOperationsImpl, ERROR, <Authentication Manager hostname>,,,,Failed to initialize connection javax.net.ssl.SSLException: Certificate not verified Caused by: com.rsa.sslj.x.aL: Certificate not verified. at com.rsa.sslj.x.bh.a(Unknown Source) at com.rsa.sslj.x.bh.a(Unknown Source) at com.rsa.sslj.x.bh.a(Unknown Source) ... 86 more Caused by: java.security.cert.CertificateException: the certificate chain is not trusted, Could not validate path. at com.rsa.sslj.x.ck.a(Unknown Source) at com.rsa.sslj.x.ck.checkServerTrusted(Unknown Source) at com.rsa.sslj.x.aF.a(Unknown Source) ... 89 more 2020-04-17 14:22:08,058, [[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'], (CASApiAdminOperationsImpl.java:406), trace.com.rsa.internal.admin.casapimgmt.impl.CASApiAdminOperationsImpl, ERROR, <Authentication Manager hostname>,,,,Unable to set connection com.rsa.admin.casapimgt.CASConnectionManagerException: Authentication Manager cannot connect to Cloud Authentication Service. Connection failed.
Cause	This error occurs with the combination of the proxy server using SSL Termination for the connection from RSA Authentication Manager to the Cloud Authentication Service and RSA Authentication Manager not trusting the certificate from the proxy server.
Resolution	There are two ways to resolve this issue: Configure the proxy server to use SSL Passthrough rather than SSL Termination for the connection from RSA Authentication Manager to the Cloud Authentication Service, or Import the root certificate from the proxy server into each RSA Authentication Manager instance in the environment that communicates with the Cloud Authentication Service through the proxy. For steps, contact RSA Customer Support.

Attachments

Outcomes

0 Comments

Recommended Content