000034942 - How to replace the RSA Authentication Manager self signed console certificate with a signed certificate from Microsoft Active Directory Certificate Authority

Document created by RSA Customer Support Employee on Mar 17, 2017Last modified by RSA Customer Support Employee on Apr 14, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000034942
Applies ToProduct Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
IssueThis article explains how an RSA administrator would replace the RSA Authentication Manager self signed console certificate with a signed certificate from Microsoft Active Directory Certificate Authority.
Resolution
  1. From the Operations Console select Deployment Configuration > Console Certificate Management.
  2. Click Generate CSR.
User-added image

  1. Under Certificate Basics, fill in the certificate information.
  2. Click Generate File.
User-added image

  1. Download the CSR then open it with a text editor and copy the file content.
User-added image

  1. On the Active Directory CA server, go to https://localhost/certsrv or https://<Active Directory_CA_FQDN>/certsrv:
User-added image

  1. Click the link to submit an advanced certificate request.
User-added image

  1. Click the option to submit a certificate request using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
User-added image

  1. Under Saved Request paste the CSR file content into the box labeled Base-64-encoded certificate request (CMC or PKCS #10 or PKCS #7).
  2. For Certificate Template make sure to select Web Server.
  3. Click Submit.
User-added image

  1. Click Download Certificate Chain.
User-added image

  1. From the Operations Console select Deployment Configuration > Console Certificate Management.
  2. Select PKCS#7 (.cer or .p7b) for the Type of Certificate to import. 
  3. Choose Import Certificate.
  4. Click Activate.
User-added image

  1. Review the certificate details to ensure this is the certificate you wish to activate.
  2. Place a check in the Activate Certificate Confirmation box.
  3. Click Activate Certificate.
User-added image

  1. After selecting Activate Certificate, the Authentication Manager services will be restarted automatically.

Attachments

    Outcomes