000033585 - Error Starting the Quick Setup service when deploying a new instance of RSA Authentication Manager 8.1 OVA

Document created by RSA Customer Support Employee on Jul 21, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000033585
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: RSA Authentication Manager
RSA Version/Condition: 8.1.0
 
IssueWhen deploying a new instance of AM 8.1 using the OVA file, the quick setup is not working, and when trying to start the quick setup service it fails.
When checking the "QuickSetupServerWrapper.log" log file under /opt/rsa/am/quick_setup/logs, you are getting the error "Identity certificate has expired" as shown in the below screenshot:
 
User-added image
CauseThis is caused by the fact that the certificate used by the Quick setup for the AM 8.1 OVA has expired. This usually happens when the VM is created and left for a long time (about one year) without running the quick setup.
ResolutionThe easiest way to resolve this is to re-deploy the OVA file to create a new virtual machine. However, If this is not possible (e.g. If you don't have enough privilege to create a new virtual machine) you can follow the below steps to renew the certificate:
1- Open the Virtual machine console.
2- Login with the credentials rsaadmin/rsaadmin
3- Run the below command to backup the current certificate:
# cd /opt/rsa/am/quick_setup/security
# mv quicksetup.jks quicksetup.jks_bk

4- Run the below command to create a new certificate:
# cd /opt/rsa/am/quick_setup/security
# /opt/rsa/am/appserver/jdk/bin/keytool -genkey -keyalg RSA -alias quicksetup -keystore quicksetup.jks -storepass password -validity 360 -keysize 2048

5- Run the below command to restart the service:
# cd /opt/rsa/am/quick_setup
# ./rsaserv restart

 

Attachments

    Outcomes