000036859 - Error "com.rsa.ims.security.keymanager.sys.MissingSystemKeysException: System fingerprint encrypted key is missing" on RSA Authentication Manager 8.x when reverting to the default server certificate

Document created by RSA Customer Support Employee on Nov 14, 2018
Version 1

Article Content

Article Number: 000036859
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
  • The console certificate has expired and the Operations Console service fails to start, causing all other services to fail except for the RSA Database Server service.
  • An attempt to revert to the original RSA internal certificate displays an error.

  1. Launch an SSH client, such as PuTTY.
  2. Log in to the primary Authentication Manager server as rsaadmin and enter the operating system password.

Note that during Quick Setup another user name may have been selected. Use that user name to log in.

login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system password>
Last login: Sat Oct 20 04:45:08 2018 from 10.134.1.25
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@ace5:~> cd /opt/rsa/am/utils
rsaadmin@ace5:/opt/rsa/am/utils> ./rsautil reset-server-cert
Please enter OC Administrator username: <enter Operations Console administrator user name>
Please enter OC Administrator password: <enter Operations Console administrator password>
com.rsa.ims.security.keymanager.sys.MissingSystemKeysException: System fingerprint encrypted key is missing
        at com.rsa.ims.security.lockbox.crypto.h.b(h.java:57)
        at com.rsa.ims.security.lockbox.b.loadFields(b.java:119)
        at com.rsa.ims.security.lockbox.h.loadFields(h.java:9)
        at com.rsa.ims.security.keymanager.sys.ServerAccessInfo.<init>(ServerAccessInfo.java:166)
        at com.rsa.ims.security.keymanager.sys.ServerAccessInfo.<init>(ServerAccessInfo.java:116)
        at com.rsa.authmgr.install.tools.CertManager.execute(CertManager.java:141)
        at com.rsa.authmgr.install.tools.CertManager.main(CertManager.java:260)
Cause
The /opt/rsa/am/utils/etc/systemfields.properties file has been corrupted.
  1. Navigate to /opt/rsa/am/utils/etc.
  2. List the systemfields.properties file.
  3. Note that the file permissions are -rw------- (600: read and write for the owner only).


rsaadmin@ace5:/opt/rsa/am/utils> cd etc
rsaadmin@ace5:/opt/rsa/am/utils/etc> ls -l *systemfields.properties*
-rw------- 1 rsaadmin rsaadmin     0 Apr 23 05:22 systemfields.properties


 
Resolution
To resolve the issue, replace the systemfields.properties file that is in /opt/rsa/am/utils/etc with another instance of the file. Copy the systemfields.properties file from /opt/rsa/am/utils/original_data_backup/ to /opt/rsa/am/utils/etc.

rsaadmin@ace5:/opt/rsa/am/utils> cd /opt/rsa/am/utils/etc
rsaadmin@ace5:/opt/rsa/am/utils/etc> mv systemfields.properties systemfields.properties.original
rsaadmin@ace5:/opt/rsa/am/utils/etc> cp /opt/rsa/am/utils/original_data_backup/systemfields.properties ./
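
A guarded form of the restore above, added here as an example and not RSA's own tooling: it replaces the file only when the current copy is empty and the backup copy is not, keeps the damaged file, and writes the new copy with mode 600. The function names, return codes, the `run` argument and the use of a zero-byte size as the corruption test are assumptions of this example; the paths and the 600 mode come from the article.

```shell
#!/bin/sh
# Added example: guarded version of the article's mv/cp restore.
# Default paths are the ones named in the article; override them to test.
ETC_DIR="${ETC_DIR:-/opt/rsa/am/utils/etc}"
BACKUP_DIR="${BACKUP_DIR:-/opt/rsa/am/utils/original_data_backup}"
FILE=systemfields.properties

# usable PATH: true only for a regular, non-empty file. Assumption: the
# zero-byte size seen in the article's listings is the corruption symptom.
usable() {
    [ -f "$1" ] && [ -s "$1" ]
}

# restore_fields: 0 = restored, 1 = current file already usable,
# 2 = no usable backup copy (nothing changed), 3 = mv/cp/chmod failed.
restore_fields() {
    cur="$ETC_DIR/$FILE"
    src="$BACKUP_DIR/$FILE"
    if usable "$cur"; then
        echo "$cur is non-empty; leaving it in place"
        return 1
    fi
    if ! usable "$src"; then
        echo "$src is missing or empty; $cur left untouched" >&2
        return 2
    fi
    # Keep the damaged file under the name the article uses.
    if [ -e "$cur" ]; then
        mv "$cur" "$cur.original" || return 3
    fi
    # umask 077 keeps the new copy from ever being group/world readable.
    ( umask 077 && cp "$src" "$cur" ) || return 3
    chmod 600 "$cur" || return 3
    echo "restored $cur from $src"
    return 0
}

# Run the restore only when asked to: sh restore_fields.sh run
if [ "${1:-}" = "run" ]; then
    restore_fields
fi
```

To restore from the replica's copy instead, as the Notes describe, place that copy in a local directory first and set BACKUP_DIR to it.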
Notes
The systemfields.properties file can also be copied from the /opt/rsa/am/utils/etc directory on the replica.

The file must be copied because changing the file permissions alone does not resolve the error.
 

login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system password>
Last login: Fri Oct 26 07:28:44 2018 from 192.168.2.102
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am81p:~> cd /opt/rsa/am/utils/etc
rsaadmin@am81p:/opt/rsa/am/utils/etc> ls -l
total 80
-rw-r--r-- 1 rsaadmin rsaadmin 1891 Dec  6  2013 1666addb1e02a8c008016d234bd2b1d7.MetaData.properties
-rw-r--r-- 1 rsaadmin rsaadmin 1569 Dec  6  2013 1666addb1e02a8c008016d234bd2b1d7.Values.properties
-rw-r--r-- 1 rsaadmin rsaadmin 4229 Nov  6  2013 applianceBackupFiles.properties
-rw------- 1 rsaadmin rsaadmin  163 Feb  8  2016 appserver_version.properties
-rw-r--r-- 1 rsaadmin rsaadmin  163 Feb  8  2016 appserver_version.properties.bak
-rw-r--r-- 1 rsaadmin rsaadmin  524 Nov  6  2013 authnidp_rsa_component_list.xml
-rw-r--r-- 1 rsaadmin rsaadmin    0 Oct 20 05:50 bat
-rw-r--r-- 1 rsaadmin rsaadmin    0 Oct 20 05:52 fil
-rw-r--r-- 1 rsaadmin rsaadmin  210 Dec  6  2013 Global.MetaData.properties
-rw-r--r-- 1 rsaadmin rsaadmin  197 Dec  6  2013 Global.Values.properties
-rw------- 1 rsaadmin rsaadmin  211 Oct 20 03:03 ims_log_fullscan_needed.properties
-rw-r--r-- 1 rsaadmin rsaadmin  154 Nov  6  2013 jaas.config
-rw-r--r-- 1 rsaadmin rsaadmin 1471 Dec  6  2013 jndi.properties
-rw-r--r-- 1 rsaadmin rsaadmin 3785 Oct 24  2016 patchHistory.dat
-rw-r--r-- 1 rsaadmin rsaadmin  280 Dec  6  2013 redirector.properties
-rw-r--r-- 1 rsaadmin rsaadmin  955 Nov  6  2013 replica-data.properties
-rw-r--r-- 1 rsaadmin rsaadmin 1424 Nov  6  2013 rsa_api.properties
-rw-r--r-- 1 rsaadmin rsaadmin 3817 Dec  6  2013 rsa_component_list.xml
drwxr-xr-x 2 rsaadmin rsaadmin 4096 Oct  5 06:14 rsaserv
-rw-r--r-- 1 rsaadmin rsaadmin 3425 Nov  6  2013 softwareBackupFiles.properties
-rw-r--r-- 1 rsaadmin rsaadmin  906 Nov  6  2013 support.properties
-rw-r--r-- 1 rsaadmin rsaadmin    0 Oct 26 07:30 systemfields.properties
rsaadmin@am81p:/opt/rsa/am/utils/etc> cd ..
rsaadmin@am81p:/opt/rsa/am/utils> ./rsautil reset-server-cert
Please enter OC Administrator username: <enter Operations Console administrator name>
Please enter OC Administrator password: <enter Operations Console administrator password>
com.rsa.ims.security.keymanager.sys.MissingSystemKeysException: System fingerprint encrypted key is missing
        at com.rsa.ims.security.lockbox.crypto.h.b(h.java:57)
        at com.rsa.ims.security.lockbox.b.loadFields(b.java:119)
        at com.rsa.ims.security.lockbox.h.loadFields(h.java:9)
        at com.rsa.ims.security.keymanager.sys.ServerAccessInfo.<init>(ServerAccessInfo.java:166)
        at com.rsa.ims.security.keymanager.sys.ServerAccessInfo.<init>(ServerAccessInfo.java:116)
        at com.rsa.authmgr.install.tools.CertManager.execute(CertManager.java:141)
        at com.rsa.authmgr.install.tools.CertManager.main(CertManager.java:260)
rsaadmin@am81p:/opt/rsa/am/utils>


 
