000018179 - How to resolve RSA ACE/Agent certificate issues in ACE NAP

Article Number: 000018179
Applies To: RSA ACE/Server
RSA ACE/Agent for Windows
RSA ACE/Agent certificate utility
Microsoft Windows
Issue: How to resolve RSA ACE/Agent certificate issues in ACE NAP
Error: "The currently installed root certificate did not issue the certificate you are importing"
Certificate is invalid
Cause: The user had several Server certificates in the ACE/Agent Certificate Utility. One of the Server certificates was selected as the root certificate, likely by clicking the Select Root Certificate button and selecting a *.CRT file other than sdroot.crt. From this "new root cert" the customer made a new server certificate. When the other administrator returned and re-selected the correct root certificate, the new Server Certificates were invalid, because the correct root certificate had not issued them.
Resolution:

1. Start the RSA ACE/Agent certificate utility by navigating to Start Menu > Programs > Ace Agent > Ace Agent Certificate Utility.

2. Opening the Certificate utility will prompt you for a password. Click Cancel.

3. Find the true root certificate (by default named sdroot.crt): click Select Root Certificate and browse to c:\Program Files\Sdti\ACE Agent Certificate Utility (the default location). Here you should find sdroot.crt. Double-click sdroot.crt and enter the password at the prompt.

4. Check the root certificate: highlight sdroot.crt and click Verify Certificate. You should get the message "Certificate is valid".

NOTE: If any other message appears, you may have to create a root certificate, and a key, then create all new server certificates and keys. Before doing this, call RSA Security Customer Support for assistance.

5. Make a new Server Certificate and Keys. Click the Help button for instructions if necessary.

6. Import this new Certificate to the new BDC (deleting the current certificate and key if necessary). Test authentication should work correctly.
