Replace an Expired Console Certificate

Document created by RSA Information Design and Development Employee on Jun 13, 2017. Last modified by RSA Link Admin on Sep 18, 2020.
Version 16

If you replace the original console certificate with a certificate issued by a third-party certificate authority (CA), you must make sure that this third-party certificate is replaced before it expires. When the console certificate expires, you cannot start the Authentication Manager services after they are stopped.

If you stop Authentication Manager services on a deployment with an expired certificate, perform the following procedure, and then start the services.


  1. Log on to the appliance with the User ID rsaadmin and the current operating system password:

    • On a hardware appliance, the Amazon Web Services appliance or the Azure appliance, log on to the appliance using an SSH client.

    • On a VMware virtual appliance, log on to the appliance using an SSH client or the VMware vSphere client.

    • On a Hyper-V virtual appliance, log on to the appliance using an SSH client, the Hyper-V System Center Virtual Machine Manager, or the Hyper-V Manager.

    For instructions, see Log On to the Appliance Operating System with SSH.

  2. Change the directory to utils. Type:

    cd /opt/rsa/am/utils

    and press ENTER.

  3. Run the following command to change the console certificate from the third-party certificate to the original certificate. Type the following, and press ENTER:

    ./rsautil reset-server-cert -u oc_admin_UserID -p oc_admin_password



    • oc_admin_UserID is the user name for an Operations Console administrator

    • oc_admin_password is the Operations Console administrator’s password

After you finish 

Start the Authentication Manager Services. For instructions, see "Manage RSA Authentication Manager Services Manually" in the Administrator's Guide.
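
The requirement above to replace a third-party console certificate before it expires can be monitored with a small check like the following. This is an added example, not part of the RSA documentation or tooling: the function names are hypothetical, the host and port are placeholders you must supply, and it assumes the openssl command-line tool is available on the machine running the check.

```bash
#!/usr/bin/env bash
# Added example (not RSA code): report how close a console certificate is to expiry.
# Assumes the openssl CLI is installed. Host and port are placeholders.

# cert_status PEM_FILE [WARN_DAYS]
# Prints OK, EXPIRING, EXPIRED or UNREADABLE; returns 0, 1, 2 or 3 respectively.
cert_status() {
    local pem="$1" warn_days="${2:-30}"
    # Confirm the file parses as a certificate before judging its dates,
    # so a failed download is not misreported as an expired certificate.
    openssl x509 -in "$pem" -noout >/dev/null 2>&1 || { echo UNREADABLE; return 3; }
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED; return 2
    fi
    if ! openssl x509 -in "$pem" -noout -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo EXPIRING; return 1
    fi
    echo OK
}

# fetch_console_cert HOST PORT OUT_FILE
# Saves the leaf certificate presented on HOST:PORT as PEM. s_client keeps
# going after verification errors, so an already expired certificate is
# still retrieved and can be reported as EXPIRED.
fetch_console_cert() {
    local host="$1" port="$2" out="$3"
    openssl s_client -connect "${host}:${port}" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM -out "$out" 2>/dev/null
}

# check_console HOST PORT [WARN_DAYS]
# Fetches the certificate and classifies it; the return code matches cert_status.
check_console() {
    local host="$1" port="$2" warn_days="${3:-30}" tmp rc=0
    tmp=$(mktemp) || return 3
    fetch_console_cert "$host" "$port" "$tmp" || true
    cert_status "$tmp" "$warn_days" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage (placeholders): check_console am.example.test <console-port> 30
```

Run the check on a schedule from a monitoring host and alert on any non-zero return code, so the certificate is renewed while the services are still running.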




