000014577 - Problem with authenticated SSL on 64 bit agent

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000014577

Applies To:
Red Hat 5, SUSE 10 - 64 bit
RSA Access Manager 4.8 Agent
Keystore location and password are correct in webagent.conf
Permissions on the .p12 file are sufficient
The communication mode between the agent and the other components (dispatcher and authorization server) is set to authenticated SSL in webagent.conf: cleartrust.agent.ssl.use=Auth
Apache 2.x

Issue: The agent is unable to open the .p12 PKCS keystore at startup and then exits.
<Config> - Specifies the keystore name of the PKCS #12 keystore containing the
Agent's private key. This parameter must be configured appropriately if the
RSA ClearTrust Servers require authenticated SSL connections. Obtain this
information from the administrator who created the Server certificate.

When you enter the keystore file name, you must enter the fully qualified
pathname. (e.g. C:\keystore\keys.p12 or /opt/ctrust/agent/conf/keys.p12)

Allowed Values:
Absolute path to a PKCS #12 keystore or if the file is located in the RSA
ClearTrust agent root (CTAgentRoot) conf folder, specify only the filename.

Dependencies:
If this parameter is set, the parameters ssl.keystore_passphrase and
ssl.private_key_passphrase must also be configured appropriately.

Example:

cleartrust.agent.ssl.keystore=/opt/ctrust/agent/apache/conf/keys.p12
<Config> - Invalid or missing value configured for the above property
<Config> - Either the file does not exist, or the user does not have sufficient permissions to read the file. Create/write permissions on the file may also be required.
<Config> - Please fix the above problem(s) and restart the web server
<Misconfig> - Error initializing runtime pools
dca04:/var/applications/apache/pki/bin # vi /usr/local/lib/websso/conf/webagent.conf
dca04:/var/applications/apache/pki/bin # /applications/apache/CURRENT/bin/httpd -f /var/applications/apache/pki/conf/httpd.conf -X
<Critical> - Failed to open SSL keystore for pool,check filename and password
Cause: There is a bug in the BSAFE version included in the agent; see solution a34836 for details.

Resolution: Install hotfix 4.8.0.21 to correct this issue.

Legacy Article ID: a45270
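
The preconditions listed under Applies To can be verified from the shell before applying the hotfix. The functions below are an added example, not part of the RSA article or product; they assume the two passphrase parameters use the same `cleartrust.agent.` prefix as `ssl.keystore`, that the keystore passphrase is supplied by the operator in the hypothetical environment variable `KS_PASS`, and that the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example (not RSA code): pre-flight checks for the agent keystore settings.
# Assumption: passphrase keys carry the same "cleartrust.agent." prefix as ssl.keystore.

# conf_get FILE KEY: print the value of the last uncommented "KEY=value" line.
conf_get() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# resolve_keystore VALUE AGENT_ROOT: a bare filename lives in AGENT_ROOT/conf.
resolve_keystore() {
    case "$1" in
        /*) printf '%s\n' "$1" ;;
        *)  printf '%s\n' "$2/conf/$1" ;;
    esac
}

# check_agent_keystore CONF AGENT_ROOT
# Returns 0 ok, 1 ssl.use is not Auth, 2 keystore unset, 3 file missing or
# unreadable by the current user, 4 a dependent passphrase parameter is unset,
# 5 openssl cannot open the PKCS #12 file with the passphrase in $KS_PASS.
check_agent_keystore() {
    conf=$1; root=$2
    [ "$(conf_get "$conf" cleartrust.agent.ssl.use)" = "Auth" ] || return 1
    ks=$(conf_get "$conf" cleartrust.agent.ssl.keystore)
    [ -n "$ks" ] || return 2
    ks=$(resolve_keystore "$ks" "$root")
    { [ -f "$ks" ] && [ -r "$ks" ]; } || return 3
    for p in keystore_passphrase private_key_passphrase; do
        [ -n "$(conf_get "$conf" "cleartrust.agent.ssl.$p")" ] || return 4
    done
    # The passphrase is read from the environment so it stays off the command line.
    export KS_PASS
    openssl pkcs12 -in "$ks" -noout -passin env:KS_PASS >/dev/null 2>&1 || return 5
    return 0
}
```

Run `check_agent_keystore` as the account that starts httpd, since the readability check applies to the current user. A return value of 0 while the agent still logs "Failed to open SSL keystore" rules out the configuration causes named in the log messages.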
