000029061 - Removing the annoying message about the certificate in the web browser when connecting to RSA Authentication Manager

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000029061
Applies To
RSA Product SetSecurID
RSA Product/Service TypeAuthentication Manager
RSA Version/Condition8.1 P05
PlatformSUSE Enterprise Linux 11
Platform (Other) 
O/S VersionSUSE Enterprise Linux 11
Product Name 
Product DescriptionRSA SecurID Appliance
IssueWhen an administrator accesses the RSA Authentication Manager Security Console or Operations Console the following is seen in the web browser.
Microsoft Internet Explorer:
User-added image
Google Chrome:
User-added image
These security messages appear as the Authentication Manager self-signed CA root certificate is not trusted by the local computer.
User-added image
NOTE: marge.csau.ap.rsa.net is the fully-qualified host name of the authentication manager instance.
ResolutionPage of 164 the RSA Authentication Manager 8.1 Administrator’s Guide covers Certificate Manager for Secure Sockets Layer and mentions about replacing the console certificate.
An administrator would generate a Certificate Signing Request (CSR), submit the CSR to a Certificate Authority (CA), and request an SSL server certificate. Next, import and activate the
SSL server certificate in the authentication manager deployment.
Alternatively import the 
Authentication Manager self-signed CA root certificate into the Trusted Root Certification Authorities store on the administrator's local computer.
Below are notes for exporting the Authentication Manager self-signed CA root certificate using Microsoft Internet Explorer, and placing it into the Trusted Root Certification Authorities store on the local computer.
After entering the Security Console or Operations Console URL into the Microsoft Internet Explorer click the Certificate Error and view the certificates.
Example:
User-added image
After View certificates, click the Certificate Path tab, click the RSA root CA certificate (as highlighted in the screenshot) and click the View Certificate button:
User-added image
Now, click the Details tab and then click the Copy to File... button:
User-added image
Steps in the Certificate Export Wizard:
WindowAction
Welcome to the Certificate Export WizardNext
Export File FormatSelect 'Cryptographic Message Syntax Standard - PKCS #7 Certificates (.P7B)' and then Next
File to ExportEnter a File Name
Completing the Certificate Export WizardFinish

Now you have a copy of the RSA root CA certificate in a PKCS #7 format file.
The RSA root CA certificate needs to be placed in the Trusted Root Certification Authorities store on the local computer. Microsoft provides detailed steps on how to Manage Trusted Root Certificates at URL http://technet.microsoft.com/en-us/library/cc754841.aspx
steps taken from the Microsoft URL:
User-added image
Screenshot taken on the Local Computer Policy on Microsoft Windows 7 workstation:
User-added image
Changing the rules for user trust of certificates and root certificate stores as per Microsoft instructions:
User-added image
Adding certificate to the Trusted Root Certification Authorities store for a local computer
steps taken from the Microsoft URL:
User-added image
Screenshot taken on the Local Computer Policy on Microsoft Windows 7 workstation:
User-added image
 
Steps in the Certificate Import Wizard:


WindowAction
Welcome to the Certificate Import WizardNext
File to ImportEnter a File Name of the P7B file exported previously
Certificate StoreSelect 'Place all certificates in the following store. Certificate Store: Trusted Root Certification Authorities' and click Next
Completing the Certificate Export WizardFinish


Next, close all open Microsoft Internet Explorer windows. Open Microsoft Internet Explorer, enter either the Security Console or Operations Console URL and you will notice that the security message does not appear.
Example:
User-added image
Also, there is no certificate error as the Authentication Manager self-signed CA root certificate is now trusted.
Example:
User-added image

 

Attachments

    Outcomes