000017506 - Reverting back to the RSA self-signed default certificates on Authentication Manager 8.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000017506
Applies ToRSA Product Set:  SecurID
RSA Product/Service Type:  Authentication Manager 
RSA Version/Condition: 8.1



 
IssueAfter installing new console certificates on the Authentication Manager server, the server hangs when rebooting.  Running ./rsaserv status all shows only the RSA Database Server is running.  All other services fail to start.
The following errors show in /opt/rsa/am/server/logs/AdminServer.log:
 
####<Jul 7, 2014 10:23:40 AM EDT> <Notice> <WebLogicServer> <eegorsa03> <AdminServer> <WrapperSimpleAppMain> <<WLS Kernel>> <> <> <1404743020591> 
<BEA-000365> <Server state changed to FAILED.>
####<Jul 7, 2014 10:23:40 AM EDT> <Error> <WebLogicServer> <eegorsa03> <AdminServer> <WrapperSimpleAppMain> <<WLS Kernel>> <> <> <1404743020591>
<BEA-000383> <A critical service failed. The server will shut itself down.>
####<Jul 7, 2014 10:23:40 AM EDT> <Notice> <WebLogicServer> <eegorsa03> <AdminServer> <WrapperSimpleAppMain> <<WLS Kernel>> <> <> <1404743020595>
<BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN.>
####<Jul 7, 2014 10:23:40 AM EDT> <Info> <JMX> <eegorsa03> <AdminServer> <WrapperSimpleAppMain> <<WLS Kernel>> <> <> <1404743020609> <BEA-149513>
<JMX Connector Server stopped at service:jmx:iiop://10.46.30.77:7006/jndi/weblogic.management.mbeanservers.domainruntime.>
####<Jul 7, 2014 10:23:40 AM EDT> <Info> <JMX> <eegorsa03> <AdminServer> <WrapperSimpleAppMain> <<WLS Kernel>> <> <> <1404743020609> <BEA-149513>
<JMX Connector Server stopped at service:jmx:iiop://10.46.30.77:7006/jndi/weblogic.management.mbeanservers.edit.>
Caused by: weblogic.management.configuration.ConfigurationException: Identity certificate has expired:





 
CauseThe RSA self-signed certificates that come with Authentication Manager 8.1 by default have been replaced by other certificates which have, in turn, expired.
 
Resolution

To revert back to the RSA self-signed certificates, SSH to the Authentication Manager server and run the following command:
 


login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter OS user password>
Last login: Wed Sep 16 17:21:28 2015 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am81p:~> cd /opt/rsa/am/utils
rsaadmin@am81p:/opt/rsa/am/utils> ./rsautil reset-server-cert
Please enter OC Administrator username:  <enter Operations Console admin user name>
Please enter OC Administrator password: <enter the password for the Operations Console user>

After the certificate is replaced, restart the Authentication Manager services:


rsaadmin@am81p:/opt/rsa/am/utils> cd ../server
rsaadmin@am81p:/opt/rsa/am/server> ./rsaserv restart all
Legacy Article IDa66786

Attachments

    Outcomes