000030310 - How to install signed server certificates for IMG

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 4

Article Content

Article Number: 000030310
Applies To: RSA Product Set: Identity Management and Governance (IMG), Aveksa
Tasks

If you ever need to remove the default server certificate (its alias is 'server', and it appears in the browser as Issued to: ACM and Issued by: ACM), do the following:

1. Always take a backup of aveksa.keystore before removing the 'server' certificate.

2. Open a duplicate PuTTY session and tail aveksaServer.log.

You can tail the log with the following command:

tail -f /home/oracle/jboss/server/default/deploy/aveksa.ear/aveksa.war/log/aveksaServer.log

After restarting ACM, watch the log while the server comes back up for the following error:

ERROR (http- [org.apache.tomcat.util.net.JIoEndpoint] Socket accept failed 

java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled. 

at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150) 

at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:309) 

at java.lang.Thread.run(Thread.java:662)
If you see this error logged over and over again, go to your original PuTTY session and restore aveksa.keystore from the backup that you took. This returns aveksa.keystore to its state before the 'server' certificate was removed and stops the error from being logged.
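
As a scripted alternative to watching the tail output by eye, the following added example (not part of the original article and not RSA's code) counts the handshake error only in lines written after the restart and prints a restore verdict. The function names, the threshold and the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not RSA's code): decide from aveksaServer.log whether the
# keystore backup needs restoring after a restart.

# Signature copied from the error text quoted in the article.
SSL_ERR='No available certificate or key corresponds to the SSL cipher suites'

# count_ssl_errors LOG START_LINE
# Counts the signature from START_LINE onward, so errors logged before the
# restart are ignored. Take START_LINE as (line count before restart) + 1.
count_ssl_errors() {
    tail -n "+$2" "$1" | grep -cF "$SSL_ERR" || true
}

# keystore_verdict LOG START_LINE THRESHOLD
# Prints RESTORE when the error repeats at least THRESHOLD times, else OK.
# THRESHOLD is an assumption; the article only says "over and over again".
keystore_verdict() {
    n=$(count_ssl_errors "$1" "$2")
    if [ "$n" -ge "$3" ]; then echo RESTORE; else echo OK; fi
}

# write_sample_log FILE: constructed log lines, not captured from a real system.
write_sample_log() {
    err="java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: $SSL_ERR which are enabled."
    {
        echo "INFO  [constructed] previous run"
        echo "$err"
        echo "INFO  [constructed] restart begins here (line 3)"
        echo "$err"
        echo "	at org.apache.tomcat.util.net.JIoEndpoint\$Acceptor.run(JIoEndpoint.java:309)"
        echo "$err"
        echo "$err"
    } > "$1"
}

# Demonstration on the constructed log: lines 1-2 predate the restart.
sample=$(mktemp)
write_sample_log "$sample"
echo "errors since restart: $(count_ssl_errors "$sample" 3)"
echo "verdict: $(keystore_verdict "$sample" 3 3)"
rm -f "$sample"
```

On a real system, record the log's line count with `wc -l` before restarting ACM and pass that number plus one as START_LINE.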