000017085 - AM 7.X/APP 3.0: Agent auto-registration fails with SSL handshake error

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000017085
Applies To: RSA Authentication Manager 7.1
RSA SecurID Appliance 3.0
Issue: The Authentication Manager has been migrated from version 6.x.
The following error appears in imsTrace.log:
2010-09-21 17:07:51,897, [AutoRegConnectionHandler1], (       m.java:132), trace.com.rsa.authmgr.internal.agentreg.msgprocessor.m, INFO, wirsa02.wirtgen-group.local, , , , SSL handshake fails: 
java.io.IOException: handshake failed, An Alert was received: Certificate Unknown

The following error appears in sdadmreg.log:
SDSSLVerifyPeerCertificateWithReference: Rejected key!!  
Cause: The server.cer and key stored in the database do not match the server.cer shipped with the license.
Resolution
1. Copy server.cer, server.key, sdti.cer from your current license to c:\amlicense on the server.
2. Copy the install-am-keystore.jar file from [RSA_AM]\uninstall\lib\ into the [RSA_AM]\utils\lib directory. 
3. Run the following commands to fix the certificates:
cd [RSA_AM]\utils\
rsautil install-am-keystore -l c:\amlicense -r -m <master password>
4. On the client, rename the existing server.cer to server.cer.old in the C:\Program Files\RSA Security\RSA Authentication Agent\Agenthost Autoreg Utility folder.
5. Copy the server.cer file from your license to the C:\Program Files\RSA Security\RSA Authentication Agent\Agenthost Autoreg Utility folder on the client.
6. Restart the Authentication Manager services. 
Legacy Article ID: a59874
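The following check is an added example, not RSA tooling or part of the original article: run on the client, it confirms that the agent's server.cer is the same certificate as the license copy (before and after steps 4 and 5) and optionally searches log files for the two error strings quoted above. The function name, the `C:\temp\amlicense` path (a copy of the license folder made available on the client) and the `-LogPath` parameter are assumptions; PowerShell 3.0 or later is assumed.

```powershell
# Added example (hypothetical helper, not shipped by RSA). Requires PowerShell 3.0+.
function Test-AutoRegCertificate {
    param(
        # Folder holding a copy of the license files, reachable from this machine.
        [Parameter(Mandatory = $true)][string]$LicenseDir,
        # Agent-side folder named in steps 4 and 5 of the article.
        [string]$AgentDir = 'C:\Program Files\RSA Security\RSA Authentication Agent\Agenthost Autoreg Utility',
        # Optional log files to search; the article does not give their locations.
        [string[]]$LogPath = @()
    )

    $certs = foreach ($dir in $LicenseDir, $AgentDir) {
        $file = Join-Path $dir 'server.cer'
        if (-not (Test-Path -LiteralPath $file)) { throw "server.cer not found in $dir" }
        # X509Certificate2 loads DER and Base64 files alike, so the thumbprint
        # compares certificate content rather than file encoding.
        $full = Convert-Path -LiteralPath $file
        $x509 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $full
        [pscustomobject]@{
            File       = $full
            Subject    = $x509.Subject
            NotAfter   = $x509.NotAfter
            Thumbprint = $x509.Thumbprint
        }
    }

    # The two error signatures quoted in the article.
    $hits = @()
    if ($LogPath.Count -gt 0) {
        $hits = @(Select-String -LiteralPath $LogPath -SimpleMatch -Pattern 'Certificate Unknown', 'Rejected key')
    }

    [pscustomobject]@{
        Match        = ($certs[0].Thumbprint -eq $certs[1].Thumbprint)
        Certificates = $certs
        LogHits      = $hits | Select-Object Path, LineNumber, Line
    }
}

# Usage: C:\temp\amlicense is a placeholder for wherever the license copy was placed.
$r = Test-AutoRegCertificate -LicenseDir 'C:\temp\amlicense'
$r.Certificates | Format-List
if ($r.Match) { 'Agent server.cer matches the license copy.' }
else { 'MISMATCH: agent server.cer differs from the license copy.' }
```

A mismatch after step 5 means the wrong file was copied; a match combined with continued "Rejected key" entries points back to the server-side keystore fixed in step 3.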