000014725 - 'Invalid radius shared secret was provided'

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000014725
Applies ToAM 3.0 Appliance SP2 and greater

Look for the following in the configRADIUStrace.log

Caused by: javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3s://<hostname>:7002: Destination unreachable; nested exception is:

javax.net.ssl.SSLKeyException: [Security:090548]The certificate chain received from <hostname>: - <IP Address>: contained a V3 CA certificate which was missing the basic constraints extension; No available router to destination

at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:40)

IssueWhen trying to configure Radius on a Primary  the admin receives the following error in the Operation Console
"Invalid radius shared secret was provided".
CauseThe certificate was changed on the Primary. The cause of the error is this Certificate and it's root CA (and intermediate certificates, if applicable) are not in the Trusted certificate store on the Replica 

Follow step 9 in the am_replacing Installed Certificates.pdf doc on page 2. To place the certificate(s) trusted certificate store on the Replica
If you have a root and intermediate certificate you need to place both in the certificate store.  The best way to do all of these is to follow the document for replacing certificates, and replace the certificates on the Replica in the same way it was done on the Primary.

Once the certificates have been put into the trusted certificate stores, open a new Operations console and continue on to configuring Radius.

Contact Technical Support for the updated Certificate Import document.

Legacy Article IDa52272