Issue | Dear Customer,
Following is an update to the previous notification regarding the RSA eFraudNetwork SSL Certification Change within RSA Adaptive Authentication (On-Premise) 7.x.
We would like to inform you that we will be updating the SSL certificate for RSA eFraudNetwork service within RSA Adaptive Authentication (On-Premise) 7.x. The change is applicable for customers using RSA eFraudNetwork service through RSA Adaptive Authentication (On-Premise) 7.x, connecting to the following eFraudNetwork URL: secureft.efraudnetwork.net. The change will take place on September 29, 2016, between 4:00 am GMT and 12:00 pm GMT.
Customer Action May Be Required
RSA eFraudNetwork agent within RSA Adaptive Authentication (On-Premise) 7.x uses the Java trust mechanism that checks that the root certificate is a known trusted CA. Customers who changed the default behaviors of the Java may need to add the new root certificate to their truststore. Below you can find the new certificate.
No other changes are required. |
Resolution | How to Validate if Action is Required Perform the following steps:
- Go to <JAVA_HOME>\bin.
- Execute the following command:
keytool -list -v -keystore "<JAVA_HOME>\jre\lib\security\cacerts" > certs.txt The command returns a file with all the certificates (certs.txt in <JAVA_HOME>\bin). - Check that the root certificate is present in the file. Look for the following information for the certificate:
Owner: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Issuer: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Serial number: 600197b746a7eab4b49ad64b2ff790fb Valid from: Wed Apr 02 05:30:00 IST 2008 until: Wed Dec 02 05:29:59 IST 2037 Certificate fingerprints: MD5: FB:1B:5D:43:8A:94:CD:44:C6:76:F2:43:4B:47:E7:31 SHA1: F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2 SHA256: 4B:03:F4:58:07:AD:70:F2:1B:FC:2C:AE:71:C9:FD:E4:60:4C:06:4C:F5:FF:B6:86:BA:E5:DB:AA:D7:FD:D3:4C Signature algorithm name: SHA256withRSA Version: 3 - If the above certificate is present, no action is required.
If the above certificate is not present in the file, add the certificate to the truststore. After the certificate is added to the truststore, restart the server. New Certificate for RSA eFraudNetwork - secureft.efraudnetwork.net SSL certificate
-----BEGIN CERTIFICATE----- MIIGZzCCBU+gAwIBAgIQLnHG92ZD/8Ymlv/NJ6VNDjANBgkqhkiG9w0BAQsFADBD MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR0wGwYDVQQDExR0 aGF3dGUgU0hBMjU2IFNTTCBDQTAeFw0xNjA5MjAwMDAwMDBaFw0xODA5MjAyMzU5 NTlaMIGZMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVzZXR0czEQMA4G A1UEBwwHQmVkZm9yZDEZMBcGA1UECgwQUlNBIFNlY3VyaXR5IExMQzEgMB4GA1UE CwwXUlNBIENvbnN1bWVyIE9wZXJhdGlvbnMxIzAhBgNVBAMMGnNlY3VyZWZ0LmVm cmF1ZG5ldHdvcmsubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA 5zJCAzZCgkVAHbFkB8IQ56TI4/m5PEFRalQwbLUsZ6sAzGuP7pF0HIQfY/srmzdB aUPFdwasQTZoFQuua8/CxjEcFw/36vJAIlEsH0XHac3Pd1nFlmUQEQckDHKnG+44 UyuB/NV3MEyVuAmvP0LUPGLJuhqEA8n29sc2QKJy91VtVK5V7cZ9sgBDnp7qe6qv gCKQgiqhf2t0UyxakWxX5gjrdyOdIvJbCL8zRWmMJ3kCeou7G1G3a3W7oLu3qZRm IpthX7EA5kVSG4hin0YHyQI/OMwQzb1M89HUrK4Vdy/LdtQIq2CltNTgCVLcupX1 lOyg66hyfXr9HAaz07IvVwIDAQABo4IC/jCCAvowJQYDVR0RBB4wHIIac2VjdXJl ZnQuZWZyYXVkbmV0d29yay5uZXQwCQYDVR0TBAIwADBuBgNVHSAEZzBlMGMGBmeB DAECAjBZMCYGCCsGAQUFBwIBFhpodHRwczovL3d3dy50aGF3dGUuY29tL2NwczAv BggrBgEFBQcCAjAjDCFodHRwczovL3d3dy50aGF3dGUuY29tL3JlcG9zaXRvcnkw DgYDVR0PAQH/BAQDAgWgMB8GA1UdIwQYMBaAFCuaNa4BGDgw4XB6BeARdqPOvZAU MCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly90Zy5zeW1jYi5jb20vdGcuY3JsMB0G A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBXBggrBgEFBQcBAQRLMEkwHwYI KwYBBQUHMAGGE2h0dHA6Ly90Zy5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6 Ly90Zy5zeW1jYi5jb20vdGcuY3J0MIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgA dQDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAVdHwNNLAAAEAwBG MEQCIEZbqSnVBSnIFTXZqvTP5OHE37ykKWYsS1oiSEMaw+/bAiAeCbNjrDOuVhVu qWDZzpjakL/bIe2sy7k1x5ajuFkXYgB2AKS5CZC0GFgUh7sTosxncAo8NZgE+Rvf uON3zQ7IDdwQAAABV0fA1QcAAAQDAEcwRQIhAJik1SMnQ3q7oXEE5fl8BRup3uNm PVmHhtnHn9TE60pNAiBsmlEgdPRIcCO5LBFbaOH3poq2ygf4soFCKDlgOPUxcgB3 AGj2mPgfZIK+OozuuSgdTPxxUV1nk9RE0QpnrLtPT/vEAAABV0fA1QYAAAQDAEgw RgIhANCRrBXWoNE8OWGnIyJY5LPWBuKvRpACgmVYsh7eUNeSAiEA5H/8cBufCsBO ZmKr/pmJlUpCg81fH1uz/zKFD105w1MwDQYJKoZIhvcNAQELBQADggEBAHeTq5N9 igS89O8Y56mdJ7+lpS8TUJBNpLPmrAhCuSSlhRwgKeNCdlNOxAlDEJ/pczTfF+KO ZQQByL2GpwfhMKtnsxdu7Gtk07c4d0bHw6CSL3YD1bAlvihocQvDgJsjo5zgBCjn Z6B/kl4jaOTCYUhgE4bSbeRN8rDteqOOB4ziQeOKZx7wvTZzeW653r/dusYSxizp yb4XGADWrF4gpx98matr1sp8fDDELVH01dL4TzAwst5f39/rUrisdp8V19f4JMOV 4FyD7FTSVa39k73urvi81QZp0g8GZ+Jc1C5vAItPTpCMKSuO/Hlff83Y7bnkomai sGw1Qmb9wCIdWSs= -----END CERTIFICATE-----
Root certificate
-----BEGIN CERTIFICATE----- MIIEwjCCA6qgAwIBAgIQNjSeGMmcJmm2Vi5s5a1xMjANBgkqhkiG9w0BAQsFADCB rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0xMzA1MjMwMDAwMDBa Fw0yMzA1MjIyMzU5NTlaMEMxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUs IEluYy4xHTAbBgNVBAMTFHRoYXd0ZSBTSEEyNTYgU1NMIENBMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2Mr1LpdOK6wz7lMON8gffErR3Edi2jzVvmc 2qrlhCbepXEwvPMxI53oO4DIZld1tlcO25P1Jo5wumRSZooqiFxEGE2oony9VmEy kBL5NYdIYLBukGdEAY3nyQ1jaHJyq2M8hrgffa2IJadqiCn7WcZ4cV8suonm04D9 V+y5UV9DMy5+JTukBNFgjLNEM5MMrSq2RKIZO6/EkG97BYeGmyxqnStsd8kAn8nP rO0+G/fD89n4bNSgV8T7KDKqM/Dmupjf5cJOnHS/ikjC8hvwd0BBBwSyOtVMxCmp EUA/AkbwkdXSgYOGE7Mx7UarqId2qZl9vM0xUPSltdylMrOLiwIDAQABo4IBRDCC AUAwMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC50aGF3 dGUuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwQQYDVR0gBDowODA2BgpghkgBhvhF AQc2MCgwJgYIKwYBBQUHAgEWGmh0dHBzOi8vd3d3LnRoYXd0ZS5jb20vY3BzMDcG A1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQQ0Et RzMuY3JsMA4GA1UdDwEB/wQEAwIBBjAqBgNVHREEIzAhpB8wHTEbMBkGA1UEAxMS VmVyaVNpZ25NUEtJLTItNDE1MB0GA1UdDgQWBBQrmjWuARg4MOFwegXgEXajzr2Q FDAfBgNVHSMEGDAWgBStbKqUYJzt5P/6Pgp0K2MD97ZZvzANBgkqhkiG9w0BAQsF AAOCAQEAdKZW6K+Tlhn7JvkNsESlzel6SAN0AWwTcbfggpCZYiPj1pmv8McenqgY Idu0lD80VhuZVS+O8EUzMrdywRNbNNP1YOUuGNFcxWrBqodQDBydZCv/G9zVLmEL 57m2kVOG2QMq0T17StorB74p8mBCqZEaDi480X2lExQC+u6LjbbIuD5WgVchJD9l w7TJzlyNRqxT8/lVdMgr/dJ4cPX4EeX0p60g9Z3x7HD2E6zmjI3bP8byeQ6rUvLM G3knzxaz1vPGNoBD7MWU8N2QjfjGUkZW63RHvqbzGa5xTMDh59TP7dQGKCoRPLrZ QW4A54E3k+TaYsYdZ29jtBSG2aZi8A== -----END CERTIFICATE----- |