| Issue | Dear Customer,
Following is an update to the previous notification regarding the RSA eFraudNetwork SSL Certification Change within RSA Adaptive Authentication (On-Premise) 7.x.
We would like to inform you that we will be updating the SSL certificate for RSA eFraudNetwork service within RSA Adaptive Authentication (On-Premise) 7.x. The change is applicable for customers using RSA eFraudNetwork service through RSA Adaptive Authentication (On-Premise) 7.x, connecting to the following eFraudNetwork URL: secureft.efraudnetwork.net. The change will take place on September 29, 2016, between 4:00 am GMT and 12:00 pm GMT.
Customer Action May Be Required
RSA eFraudNetwork agent within RSA Adaptive Authentication (On-Premise) 7.x uses the Java trust mechanism that checks that the root certificate is a known trusted CA. Customers who changed the default behaviors of the Java may need to add the new root certificate to their truststore. Below you can find the new certificate.
No other changes are required. |
| Resolution | How to Validate if Action is Required
Perform the following steps:
- Go to <JAVA_HOME>\bin.
- Execute the following command:
keytool -list -v -keystore "<JAVA_HOME>\jre\lib\security\cacerts" > certs.txt
The command returns a file with all the certificates (certs.txt in <JAVA_HOME>\bin). - Check that the root certificate is present in the file. Look for the following information for the certificate:
Owner: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Issuer: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Serial number: 600197b746a7eab4b49ad64b2ff790fb
Valid from: Wed Apr 02 05:30:00 IST 2008 until: Wed Dec 02 05:29:59 IST 2037
Certificate fingerprints:
MD5: FB:1B:5D:43:8A:94:CD:44:C6:76:F2:43:4B:47:E7:31
SHA1: F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2
SHA256: 4B:03:F4:58:07:AD:70:F2:1B:FC:2C:AE:71:C9:FD:E4:60:4C:06:4C:F5:FF:B6:86:BA:E5:DB:AA:D7:FD:D3:4C
Signature algorithm name: SHA256withRSA
Version: 3 - If the above certificate is present, no action is required.
If the above certificate is not present in the file, add the certificate to the truststore. After the certificate is added to the truststore, restart the server.
New Certificate for RSA eFraudNetwork - secureft.efraudnetwork.net
SSL certificate
-----BEGIN CERTIFICATE-----
MIIGZzCCBU+gAwIBAgIQLnHG92ZD/8Ymlv/NJ6VNDjANBgkqhkiG9w0BAQsFADBD
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR0wGwYDVQQDExR0
aGF3dGUgU0hBMjU2IFNTTCBDQTAeFw0xNjA5MjAwMDAwMDBaFw0xODA5MjAyMzU5
NTlaMIGZMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVzZXR0czEQMA4G
A1UEBwwHQmVkZm9yZDEZMBcGA1UECgwQUlNBIFNlY3VyaXR5IExMQzEgMB4GA1UE
CwwXUlNBIENvbnN1bWVyIE9wZXJhdGlvbnMxIzAhBgNVBAMMGnNlY3VyZWZ0LmVm
cmF1ZG5ldHdvcmsubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
5zJCAzZCgkVAHbFkB8IQ56TI4/m5PEFRalQwbLUsZ6sAzGuP7pF0HIQfY/srmzdB
aUPFdwasQTZoFQuua8/CxjEcFw/36vJAIlEsH0XHac3Pd1nFlmUQEQckDHKnG+44
UyuB/NV3MEyVuAmvP0LUPGLJuhqEA8n29sc2QKJy91VtVK5V7cZ9sgBDnp7qe6qv
gCKQgiqhf2t0UyxakWxX5gjrdyOdIvJbCL8zRWmMJ3kCeou7G1G3a3W7oLu3qZRm
IpthX7EA5kVSG4hin0YHyQI/OMwQzb1M89HUrK4Vdy/LdtQIq2CltNTgCVLcupX1
lOyg66hyfXr9HAaz07IvVwIDAQABo4IC/jCCAvowJQYDVR0RBB4wHIIac2VjdXJl
ZnQuZWZyYXVkbmV0d29yay5uZXQwCQYDVR0TBAIwADBuBgNVHSAEZzBlMGMGBmeB
DAECAjBZMCYGCCsGAQUFBwIBFhpodHRwczovL3d3dy50aGF3dGUuY29tL2NwczAv
BggrBgEFBQcCAjAjDCFodHRwczovL3d3dy50aGF3dGUuY29tL3JlcG9zaXRvcnkw
DgYDVR0PAQH/BAQDAgWgMB8GA1UdIwQYMBaAFCuaNa4BGDgw4XB6BeARdqPOvZAU
MCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly90Zy5zeW1jYi5jb20vdGcuY3JsMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBXBggrBgEFBQcBAQRLMEkwHwYI
KwYBBQUHMAGGE2h0dHA6Ly90Zy5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6
Ly90Zy5zeW1jYi5jb20vdGcuY3J0MIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgA
dQDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAVdHwNNLAAAEAwBG
MEQCIEZbqSnVBSnIFTXZqvTP5OHE37ykKWYsS1oiSEMaw+/bAiAeCbNjrDOuVhVu
qWDZzpjakL/bIe2sy7k1x5ajuFkXYgB2AKS5CZC0GFgUh7sTosxncAo8NZgE+Rvf
uON3zQ7IDdwQAAABV0fA1QcAAAQDAEcwRQIhAJik1SMnQ3q7oXEE5fl8BRup3uNm
PVmHhtnHn9TE60pNAiBsmlEgdPRIcCO5LBFbaOH3poq2ygf4soFCKDlgOPUxcgB3
AGj2mPgfZIK+OozuuSgdTPxxUV1nk9RE0QpnrLtPT/vEAAABV0fA1QYAAAQDAEgw
RgIhANCRrBXWoNE8OWGnIyJY5LPWBuKvRpACgmVYsh7eUNeSAiEA5H/8cBufCsBO
ZmKr/pmJlUpCg81fH1uz/zKFD105w1MwDQYJKoZIhvcNAQELBQADggEBAHeTq5N9
igS89O8Y56mdJ7+lpS8TUJBNpLPmrAhCuSSlhRwgKeNCdlNOxAlDEJ/pczTfF+KO
ZQQByL2GpwfhMKtnsxdu7Gtk07c4d0bHw6CSL3YD1bAlvihocQvDgJsjo5zgBCjn
Z6B/kl4jaOTCYUhgE4bSbeRN8rDteqOOB4ziQeOKZx7wvTZzeW653r/dusYSxizp
yb4XGADWrF4gpx98matr1sp8fDDELVH01dL4TzAwst5f39/rUrisdp8V19f4JMOV
4FyD7FTSVa39k73urvi81QZp0g8GZ+Jc1C5vAItPTpCMKSuO/Hlff83Y7bnkomai
sGw1Qmb9wCIdWSs=
-----END CERTIFICATE-----
Root certificate
-----BEGIN CERTIFICATE-----
MIIEwjCCA6qgAwIBAgIQNjSeGMmcJmm2Vi5s5a1xMjANBgkqhkiG9w0BAQsFADCB
rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV
BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0xMzA1MjMwMDAwMDBa
Fw0yMzA1MjIyMzU5NTlaMEMxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUs
IEluYy4xHTAbBgNVBAMTFHRoYXd0ZSBTSEEyNTYgU1NMIENBMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2Mr1LpdOK6wz7lMON8gffErR3Edi2jzVvmc
2qrlhCbepXEwvPMxI53oO4DIZld1tlcO25P1Jo5wumRSZooqiFxEGE2oony9VmEy
kBL5NYdIYLBukGdEAY3nyQ1jaHJyq2M8hrgffa2IJadqiCn7WcZ4cV8suonm04D9
V+y5UV9DMy5+JTukBNFgjLNEM5MMrSq2RKIZO6/EkG97BYeGmyxqnStsd8kAn8nP
rO0+G/fD89n4bNSgV8T7KDKqM/Dmupjf5cJOnHS/ikjC8hvwd0BBBwSyOtVMxCmp
EUA/AkbwkdXSgYOGE7Mx7UarqId2qZl9vM0xUPSltdylMrOLiwIDAQABo4IBRDCC
AUAwMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC50aGF3
dGUuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwQQYDVR0gBDowODA2BgpghkgBhvhF
AQc2MCgwJgYIKwYBBQUHAgEWGmh0dHBzOi8vd3d3LnRoYXd0ZS5jb20vY3BzMDcG
A1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQQ0Et
RzMuY3JsMA4GA1UdDwEB/wQEAwIBBjAqBgNVHREEIzAhpB8wHTEbMBkGA1UEAxMS
VmVyaVNpZ25NUEtJLTItNDE1MB0GA1UdDgQWBBQrmjWuARg4MOFwegXgEXajzr2Q
FDAfBgNVHSMEGDAWgBStbKqUYJzt5P/6Pgp0K2MD97ZZvzANBgkqhkiG9w0BAQsF
AAOCAQEAdKZW6K+Tlhn7JvkNsESlzel6SAN0AWwTcbfggpCZYiPj1pmv8McenqgY
Idu0lD80VhuZVS+O8EUzMrdywRNbNNP1YOUuGNFcxWrBqodQDBydZCv/G9zVLmEL
57m2kVOG2QMq0T17StorB74p8mBCqZEaDi480X2lExQC+u6LjbbIuD5WgVchJD9l
w7TJzlyNRqxT8/lVdMgr/dJ4cPX4EeX0p60g9Z3x7HD2E6zmjI3bP8byeQ6rUvLM
G3knzxaz1vPGNoBD7MWU8N2QjfjGUkZW63RHvqbzGa5xTMDh59TP7dQGKCoRPLrZ
QW4A54E3k+TaYsYdZ29jtBSG2aZi8A==
-----END CERTIFICATE-----
|
on Oct 5, 2016