000016945 - Access to the RSA Security Console fails

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000016945
Applies ToAuthentication Manager 7.1
Security Console
Windows
UNIX
Security Alert
IssueMicrosoft Internet Explorer 6 pops up a Security Alert - The name on the security certificate is invalid or does not match the name of the site
Mozilla Firefox reports Secure Connection Falied - am71p.local.net:7004 uses an invalid certificates - The certificate is only valid for am71p.csau.ap.rsa.net - (Error code: ssl_error_bad_cert_domain)
Microsoft Internet Explorer 7 displays an HTML error page - There is a problem with this website's security certificate. - The security certificate presented by this website was issued for a different website's address.
'No backend servers available' displayed in web browser
####<date time> <Warning> <Security> <am71p> <am71p_server> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231113770374> <BEA-090482> <BAD_CERTIFICATE alert was received from am71p.local.net - 192.168.1.10. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.> reported in the <AM_inst_dir>\server\logs\am71p_server.log (where am71p is the hostname of the Authentication Manager and local.net is the dns suffix)
CauseViewing the SSL certifcate issued to the Authentication Manager does not match the actual Authentication Manager fully-qualified computer name
Resolution

A new keypair and certificate request for the correct name of the Authentication Manager is required. The certificate request must then be signed by a trusted root that would have imported into the Root Certificate Key Store and Identity Certificate Key Store. The signed certificate should then be imported into the Identity Certificate Key Store and activated.

 

Please refer to Replacing RSA Authentication Manager 7.1 SP4 Certificates as this covers the steps taken to change the SSL certificates used by the Authentication Manager 7.1 software.

 

Please contact RSA Customer Support on one of the telephone numbers listed for further assistance if you are still experiencing a technical problem.

Workaroundrsautil manage-ssl-certificate has been used to replace the SSL certificates.
Legacy Article IDa43824

Attachments

    Outcomes