000032384 - Obtain the RSA root CA certificate from RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support on Jan 10, 2020.
Version 6

Article Content

Article Number: 000032384
Applies To: RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue: This article explains how to obtain the RSA root CA certificate from the Authentication Manager instance.
Resolution: There are two methods that can be used to obtain the Authentication Manager instance RSA root CA certificate. The easiest approach for an administrator to obtain the self-signed RSA root CA certificate is by using a supported web browser.

UI Steps



  1. Access either the Operations Console or Security Console with a web browser (Google Chrome is used in this example).
  2. Click the padlock with the small red cross.
  3. The administrator is presented with the option to view the certificate. Click the Certificate information link.
  4. The server certificate is displayed.
  5. Click the Certificate Path tab and select the RSA root CA certificate.
  6. Click View Certificate.
  7. After viewing the RSA root CA certificate, click the Details tab.
  8. Click Copy to File… to save the certificate to a file.
  9. At the Certificate Export Wizard, click Next.
  10. Select the format you want to use (the default is left in this example) and click Next.
  11. Enter a file name and click Next.
  12. Click Finish.
  13. A confirmation appears.
  14. In Windows Explorer, double-click C:\RSA_root_CA.cer and the RSA root CA certificate is displayed.



Alternatively, an administrator can access the operating system and export the RSA root CA certificate from the /opt/rsa/am/server/security/caStore.jks file.


SSH Steps



  1. Enable SSH on the RSA Authentication Manager server.
  2. Launch an SSH client, such as PuTTY.
  3. Log in to the primary Authentication Manager server as rsaadmin and enter the operating system password.

     Note that during Quick Setup another user name may have been selected. Use that user name to log in.

  4. Enter the following command and the keystore password when prompted:

login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system password>
Last login: Thu Jan  9 18:06:47 2020 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am

  5. Navigate to /opt/rsa/am/utils.
  6. Viewing the contents of caStore.jks or exporting data from it requires the Root Certificate Keystore File Password. Run ./rsautil manage-secrets -a listall to get the Root Certificate Keystore File Password:

rsaadmin@am82p:~> cd /opt/rsa/am/utils/
rsaadmin@am82p:/opt/rsa/am/utils> ./rsautil manage-secrets -a listall
Please enter OC Administrator username: <enter Operations Console administrator name>
Please enter OC Administrator password: <enter Operations Console administrator password>
Root Certificate Keystore File Password ...............: BB3aNkbU4uaEoNbURuTmnp5d7Kcuna

  7. To list the contents of the caStore.jks file, use the following command:

rsaadmin@am82p:~> /opt/rsa/am/appserver/jdk/bin/keytool -list -keystore /opt/rsa/am/server/security/caStore.jks
Enter keystore password: <enter Root Certificate Keystore File Password from step 6>

  8. To export the RSA root CA certificate (with alias rsa_ca_am), use the command:

rsaadmin@am82p:/opt/rsa/am/utils> /opt/rsa/am/appserver/jdk/bin/keytool -export -alias rsa-am-ca -file rsa-am-ca.crt -keystore /opt/rsa/am/server/security/caStore.jks
Enter keystore password: <enter Root Certificate Keystore File Password from step 6>

  9. Use a secure FTP client (where SSH access to the operating system has been enabled) to copy the rsa-am-ca.crt file from the Authentication Manager instance.
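
Added example (not part of the original RSA article): the browser in the UI steps exported the root over a connection it flagged as untrusted, so that file can be checked against the copy exported from caStore.jks in the SSH steps before either is imported into a trust store. The script assumes the openssl command is available on the workstation; the function names and the script name compare_root_ca.sh are made up for this example.

```shell
#!/bin/sh
# Added example, not RSA's own tooling: check that two exported root CA files
# (PEM or DER) are the same self-signed certificate. Requires the openssl CLI.

# Emit the certificate as PEM whether the input file is PEM or DER encoded.
cert_to_pem() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        openssl x509 -in "$1" -outform PEM
    else
        openssl x509 -inform DER -in "$1" -outform PEM
    fi
}

# Print only the SHA-256 fingerprint (colon-separated hex); empty on error.
cert_sha256() {
    cert_to_pem "$1" 2>/dev/null | openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Succeed only if subject equals issuer and the signature verifies against the
# certificate's own key. openssl verify also rejects an expired certificate.
is_self_signed() {
    ss_tmp=$(mktemp) || return 2
    if ! cert_to_pem "$1" > "$ss_tmp" 2>/dev/null; then rm -f "$ss_tmp"; return 2; fi
    ss_subj=$(openssl x509 -in "$ss_tmp" -noout -subject | sed 's/^subject= *//')
    ss_iss=$(openssl x509 -in "$ss_tmp" -noout -issuer | sed 's/^issuer= *//')
    ss_rc=1
    if [ -n "$ss_subj" ] && [ "$ss_subj" = "$ss_iss" ] &&
       openssl verify -CAfile "$ss_tmp" "$ss_tmp" >/dev/null 2>&1; then
        ss_rc=0
    fi
    rm -f "$ss_tmp"
    return "$ss_rc"
}

# Both files must be self-signed and have the same fingerprint.
same_root_ca() {
    is_self_signed "$1" || { echo "not a valid self-signed certificate: $1" >&2; return 1; }
    is_self_signed "$2" || { echo "not a valid self-signed certificate: $2" >&2; return 1; }
    fp1=$(cert_sha256 "$1"); fp2=$(cert_sha256 "$2")
    echo "$1: $fp1"; echo "$2: $fp2"
    [ -n "$fp1" ] && [ "$fp1" = "$fp2" ]
}

# Usage (placeholder file names): sh compare_root_ca.sh RSA_root_CA.cer rsa-am-ca.crt
if [ "$#" -eq 2 ]; then
    if same_root_ca "$1" "$2"; then echo "MATCH"; else echo "MISMATCH" >&2; exit 1; fi
fi
```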


 

 

 


 


 
