000032384 - How to obtain the RSA root CA certificate from RSA Authentication Manager 8.1

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 4

Article Content

Article Number: 000032384

Applies To:
RSA Product Set: SecurID
RSA Product/Service Type: RSA Authentication Manager
RSA Version/Condition: 8.1 Service Pack 1
Platform: SUSE Enterprise Linux
O/S Version: 11 Service Pack 3
Product Description: SecurID Appliance

Issue: Customers have a requirement to obtain the RSA root CA certificate from the Authentication Manager instance.

Resolution: There are two methods for obtaining the RSA root CA certificate of the Authentication Manager instance. The easiest way for an administrator to obtain the self-signed RSA root CA certificate is with a supported web browser.
Steps:

  1. Access either the Operations Console or the Security Console with a web browser (Google Chrome is used in this example) and click the padlock with the small red cross.

  2. The administrator is presented with the option to view the certificate. Click the Certificate information link.

  3. The server certificate is displayed.

  4. Click the Certificate Path tab and select the RSA root CA certificate. Now click View Certificate.

  5. After viewing the RSA root CA certificate, click the Details tab. Now click the Copy to File… button to save the certificate to a file.
     Click the Next > button.
     Select the format you want to use (the default is left in this example) and click the Next > button.
     Enter a filename and click the Next > button.
     Click the Finish button.

  6. In Windows Explorer, double-click C:\RSA_root_CA.cer and the RSA root CA certificate is displayed.


Alternatively, an administrator can access the operating system and export the RSA root CA certificate from the /opt/rsa/am/server/security/caStore.jks file.
Steps:

  1. Log on to the operating system of the Authentication Manager instance with the rsaadmin account.
  2. To list the contents of the caStore.jks file, use the command:
    /opt/rsa/am/appserver/jdk/bin/keytool -list -keystore /opt/rsa/am/server/security/caStore.jks

  3. To export the RSA root CA certificate (with alias rsa_ca_am), use the command:
    /opt/rsa/am/appserver/jdk/bin/keytool -export -alias rsa-am-ca -file rsa-am-ca.crt -keystore /opt/rsa/am/server/security/caStore.jks

  4. Use a secure FTP client (where SSH access to the operating system has been enabled) to copy the rsa-am-ca.crt file from the Authentication Manager instance.
NOTE: Viewing the contents of, or exporting data from, caStore.jks requires the Root Certificate Keystore File Password (found by running ./rsautil manage-secrets -a listall from the /opt/rsa/am/utils folder).
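
Once the file has been copied off the appliance, it is worth confirming that it really is a self-signed root and that it matches a fingerprint taken from a trusted source. The script below is an added example, not part of the original RSA article; it assumes the openssl command-line tool is available on the workstation, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not RSA's code): sanity-check an exported root CA certificate.
# Assumption: the openssl CLI is installed where the file was copied to.

# Report the encoding. keytool -export without -rfc writes binary DER;
# other export paths may produce Base64 PEM instead.
cert_format() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then echo PEM; else echo DER; fi
}

# Print the SHA-256 fingerprint (colon-separated hex) of the certificate.
cert_fingerprint() {
    openssl x509 -inform "$(cert_format "$1")" -in "$1" -noout -fingerprint -sha256 |
        cut -d= -f2
}

# Succeed only if the file is a self-signed root: subject equals issuer and
# the signature verifies under the certificate's own public key.
# openssl verify also rejects a certificate outside its validity period.
cert_is_self_signed() {
    fmt=$(cert_format "$1")
    subj=$(openssl x509 -inform "$fmt" -in "$1" -noout -subject 2>/dev/null) || return 1
    iss=$(openssl x509 -inform "$fmt" -in "$1" -noout -issuer 2>/dev/null) || return 1
    [ "${subj#subject=}" = "${iss#issuer=}" ] || return 1
    pem=$(mktemp) || return 1
    openssl x509 -inform "$fmt" -in "$1" -outform PEM -out "$pem" &&
        openssl verify -CAfile "$pem" "$pem" >/dev/null 2>&1
    rc=$?
    rm -f "$pem"
    return "$rc"
}

# Usage: sh check_root_ca.sh rsa-am-ca.crt [expected-sha256-fingerprint]
if [ "$#" -ge 1 ]; then
    cert_is_self_signed "$1" || { echo "not a valid self-signed root" >&2; exit 1; }
    fp=$(cert_fingerprint "$1")
    echo "format: $(cert_format "$1")  sha256: $fp"
    [ -z "${2:-}" ] || [ "$fp" = "$2" ] || { echo "fingerprint mismatch" >&2; exit 1; }
fi
```

The same script works on the .cer file saved from the browser, since it detects DER or PEM encoding before parsing.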
