Failed to connect. Curl error code: 77 when using the RSA MFA Agent 9.0 for PAM via REST Protocol
2 years ago
Originally Published: 2024-07-19
Article Number
000072600
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: MFA Agent for PAM
 
Issue
The RSA  MFA Agent for PAM is installed on a supported platform using REST protocol as the operation method. The SSH service is configured to challenge users with an RSA passcode. When users attempt to log in to the machine via SSH, authentication fails. 

The /var/ace/log/mfa_rest.log displays the following error messages: 
  
2024-06-27 09:46:36,623 [0x7fdc160b15c0] INFO  (../src/ConnectionHandler/ConnectionHandler.cpp:571) - Connecting to Server: https://primary.rsalab.com:5555/mfa/v1_1/authn
 
2024-06-27 09:46:36,634 [0x7fdc160b15c0] ERROR (../src/ConnectionHandler/ConnectionHandler.cpp:575) - Failed to connect.Curl error code: 77



 
Cause

Curl error code 77 indicates an issue related to the SSL root CA certificate. Specifically, it means that application failed to load or verify the SSL root CA certificate file, which is necessary for establishing a secure connection.

Resolution
To resolve this issue: 
  1. Ensure that the server's SSL root CA certificate is imported on the Linux machine, rather than the intermediate or server certificates. Follow these steps in the article on how to export root certificates for RSA SecurID Access Authentication Manager, Identity Router, or Cloud Authentication Service.
  2.  After exporting the certificate, import it into the /var/ace directory on the Linux server.

Related Articles

Trending Articles

Don't see what you're looking for?