Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000017506 - Reverting back to the RSA self-signed default certificates on Authentication Manager 8.1

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000017506
Applies To	RSA Product Set: SecurID RSA Product/Service Type: Authentication Manager RSA Version/Condition: 8.1
Issue	After installing new console certificates on the Authentication Manager server, the server hangs when rebooting. Running ./rsaserv status all shows only the RSA Database Server is running. All other services fail to start. The following errors show in /opt/rsa/am/server/logs/AdminServer.log: ####<Jul 7, 2014 10:23:40 AM EDT> <Notice> <WebLogicServer> <eegorsa03> <AdminServer> <WrapperSimpleAppMain> <<WLS Kernel>> <> <> <1404743020591> <BEA-000365> <Server state changed to FAILED.> ####<Jul 7, 2014 10:23:40 AM EDT> <Error> <WebLogicServer> <eegorsa03> <AdminServer> <WrapperSimpleAppMain> <<WLS Kernel>> <> <> <1404743020591> <BEA-000383> <A critical service failed. The server will shut itself down.> ####<Jul 7, 2014 10:23:40 AM EDT> <Notice> <WebLogicServer> <eegorsa03> <AdminServer> <WrapperSimpleAppMain> <<WLS Kernel>> <> <> <1404743020595> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN.> ####<Jul 7, 2014 10:23:40 AM EDT> <Info> <JMX> <eegorsa03> <AdminServer> <WrapperSimpleAppMain> <<WLS Kernel>> <> <> <1404743020609> <BEA-149513> <JMX Connector Server stopped at service:jmx:iiop://10.46.30.77:7006/jndi/weblogic.management.mbeanservers.domainruntime.> ####<Jul 7, 2014 10:23:40 AM EDT> <Info> <JMX> <eegorsa03> <AdminServer> <WrapperSimpleAppMain> <<WLS Kernel>> <> <> <1404743020609> <BEA-149513> <JMX Connector Server stopped at service:jmx:iiop://10.46.30.77:7006/jndi/weblogic.management.mbeanservers.edit.> Caused by: weblogic.management.configuration.ConfigurationException: Identity certificate has expired:
Cause	The RSA self-signed certificates that come with Authentication Manager 8.1 by default have been replaced by other certificates which have, in turn, expired.
Resolution	To revert back to the RSA self-signed certificates, SSH to the Authentication Manager server and run the following command: login as: rsaadmin Using keyboard-interactive authentication. Password: <enter OS user password> Last login: Wed Sep 16 17:21:28 2015 from jumphost.vcloud.local RSA Authentication Manager Installation Directory: /opt/rsa/am rsaadmin@am81p:~> cd /opt/rsa/am/utils rsaadmin@am81p:/opt/rsa/am/utils> ./rsautil reset-server-cert Please enter OC Administrator username: <enter Operations Console admin user name> Please enter OC Administrator password: <enter the password for the Operations Console user> After the certificate is replaced, restart the Authentication Manager services: rsaadmin@am81p:/opt/rsa/am/utils> cd ../server rsaadmin@am81p:/opt/rsa/am/server> ./rsaserv restart all
Legacy Article ID	a66786

Attachments

Outcomes

0 Comments

Recommended Content