000013200 - AM7.x  APP 3.x: Certificate: Reverting back to the original installation certificate

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000013200
Applies ToRSA Authentication Manager 7.x
revert to default certificates
KB a44880 is definitive KB for how-to replace RSA Self-signed SSL Certificate in AM 7.1.  See also CSTM and PDFs.  Jay Guillette has email on revert commands with screen shots
/usr/local/RSASecurity/RSAAuthenticationManager/server/config       on Appliance or in Linux       or
\Program Files\RSA Security\RSA Authentication Manager\server\config            in Windows

IssueHow to revert back to original certificates
Authentication Manager Identity Certificate was replaced
CauseIssues were found that are directly tied to the certificate having been replaced with an improper certificate, or certification path, or replacement certificate expired.

Steps to revert back to the original certificate that RSA created at install:

In the (<AM server install directory>/server/config) directory

Make Backup: Copy config.xml to Config.xml.replacedcerts

Open one of the higher numbered backup_configXX.xml files with a text editor and find the entry <server-private-key-alias>rsa_am_key</server-private-key-alias>
record/note the value between <server-private-key-pass-phrase-encrypted> and </server-private-key-pass-phrase-encrypted>

Open Config.xml with a text editor.
find the 3 occurrences of <server-private-key-alias> and set the alias to rsa_am_key
find the 3 occurrences of <server-private-key-pass-phrase-encrypted> and set the value that was recorded/noted from looking in the old config files.
Save the file changes.

Stop services


Start services if they are not configured to restart on reboot.

The server should now be running with the default certificate that was created at the time of installation.

NOTE: a full system reboot is needed... if the stopping/starting of all services still leaves the AdminServer unable to initialize correctly
Legacy Article IDa45048