AWS AFX Connector "SSLHandshakeException: Could not generate secret" error in RSA Governance & Lifecycle
Article Number
Applies To
- Securid Governance & Lifecycle 7.5.2
- RSA Governance & Lifecycle 8.0.0
Issue
2024-02-30 16:15:12.064 [ERROR] com.aveksa.AFX.server.runtime.esb.amazonaws.esb.AmazonAWSComponent:361 - Unable to execute HTTP request: Could not generate secret com.amazonaws.SdkClientException: Unable to execute HTTP request: Could not generate secret ... Caused by: javax.net.ssl.SSLHandshakeException: Could not generate secret at sun.security.ssl.ECDHKeyExchange$ECDHEKAKeyDerivation.t13DeriveKey(ECDHKeyExchange.java:479)
Cause
Resolution
- RSA Governance & Lifecycle 8.0.0 P02
Workaround
In the following version
- Securid Governance & Lifecycle 7.5.2
Edit the /home/oracle/AFX/esb/conf/wrapper.conf
At line 31 in wrapper.conf insert the following line.
wrapper.java.additional.11=-Djdk.tls.client.protocols=TLSv1.2
Restart AFX for the changes to take effect.
This modification must be done if you patch 7.5.2 or redeploy a new AFX instance on 7.5.2
(Customers on 8.0.0 version should patch to the latest patch.)
Related Articles
AWS collector fails with NoClassDefFoundError Number of Views AWS Workspaces - RSA Ready Implementation Guide Number of Views Amazon AWS Account Collector fails with 'java.lang.NoClassDefFoundError' on WebSphere in RSA Identity Governance & Lifecycle Number of Views AWS IAM Identity Center CloudWatch - SAML My Page SSO Configuration - RSA Ready Implementation Guide Number of Views AWS IAM Identity Center- RSA Ready Implementation Guide Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.9 Release Notes (January 2026) Artifacts to gather in RSA Identity Governance & Lifecycle RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA Governance & Lifecycle 8.0.0 Installation Guide
Don't see what you're looking for?
