Failed to connect. Curl error code: 77 when using the RSA MFA Agent 9.0 for PAM via REST Protocol

2 years ago

Originally Published: 2024-07-19

Article Number

000072600

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: MFA Agent for PAM

Issue

The RSA MFA Agent for PAM is installed on a supported platform using REST protocol as the operation method. The SSH service is configured to challenge users with an RSA passcode. When users attempt to log in to the machine via SSH, authentication fails.

The /var/ace/log/mfa_rest.log displays the following error messages:

2024-06-27 09:46:36,623 [0x7fdc160b15c0] INFO  (../src/ConnectionHandler/ConnectionHandler.cpp:571) - Connecting to Server: https://primary.rsalab.com:5555/mfa/v1_1/authn
 
2024-06-27 09:46:36,634 [0x7fdc160b15c0] ERROR (../src/ConnectionHandler/ConnectionHandler.cpp:575) - Failed to connect.Curl error code: 77

Cause

Curl error code 77 indicates an issue related to the SSL root CA certificate. Specifically, it means that application failed to load or verify the SSL root CA certificate file, which is necessary for establishing a secure connection.

Resolution

To resolve this issue:

Ensure that the server's SSL root CA certificate is imported on the Linux machine, rather than the intermediate or server certificates. Follow these steps in the article on how to export root certificates for RSA SecurID Access Authentication Manager, Identity Router, or Cloud Authentication Service.
After exporting the certificate, import it into the /var/ace directory on the Linux server.

Don't see what you're looking for?

Related Articles

Trending Articles