Java exception error during restore of default console certificate on RSA Authentication Manager 8.2 and higher
Originally Published: 2018-06-20
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.2, 8.3, 8.4, 8.5
Issue
- How to regenerate the deleted Authentication Manager default server certificate.
- How to resolve the following Java exception error that occurs when running the rsautil reset-server-cert command to restore the default console certificate on RSA Authentication Manager:
java.lang.NullPointerException
at com.rsa.authmgr.install.tools.CertManager.resetServerCert(CertManager
at com.rsa.authmgr.install.tools.CertManager.execute(CertManager.java:15
at com.rsa.authmgr.install.tools.CertManager.main(CertManager.java:260)Resolution
- Open an SSH session using an SSH client, such as PuTTy, to the RSA Authentication Manager primary server.
- Login as rsaadmin and enter the operating system password.
Note that during Quick Setup another username may have been selected. Use that username to login.
- Go to /opt/rsa/am/utils/.
login as: rsaadmin Using keyboard-interactive authentication. Password:<enter operating system password> Last login: Wed Jun 20 05:24:51 2018 from jumphost.vcloud.local RSA Authentication Manager Installation Directory: /opt/rsa/am rsaadmin@am82p:~> cd /opt/rsa/am/utils
- Run the ./rsautil manage-ssl-cert --regen-internal-ca command to regenerate the RSA Authentication Manager default console certificate.
- When prompted, enter the Operations Console administrator username and password:
rsaadmin@am82p:/opt/rsa/am/utils> ./rsautil manage-ssl-cert --regen-internal-ca Please enter OC Administrator username: <enter Operations Console administrator name> Please enter OC Administrator password: <enter Operations Console administrator password> Manage SSL Certificate Utility 8.2.0.2.0 (1388711) Copyright (C) 2016 RSA Security Inc. All rights reserved. Regenerating internal certificate authority and SSL certificates... Created backup of current keystores at: /opt/rsa/am/server/security/JKS_BACKUP_3472436041899343669 Created primary keystore ZIP: primary-keystores.zip Copy this file to each Replica instance and run this tool providing this file as the parameter to the "--keystore-zip" option. Command completed successfully. rsaadmin@am82p:/opt/rsa/am/utils>
The above command will also create a backup of the current keystores which will be saved to /opt/rsa/am/server/security/JKS_BACKUP_XXXXXXXXXXXXXXXXXXX
- Once these steps are complete, elevate privileges to root and reboot the appliance by issuing the commands below:
rsaadmin@am82p:~> sudo su - root rsaadmin's password: <enter operating system password> am82p:/home/rsaadmin # reboot Broadcast message from root (pts/0) (Wed Jun 20 08:15:08 2018): The system is going down for reboot NOW! am82p:/home/rsaadmin #
- Now the Java error will not occur while running the ./rsautil reset-server-cert command.
- After reverting to the default certificate, the expired certificate will be listed as Inactive in the Operations Console under Deployment Configuration > Certificates > Console Certificate Management.
Notes
Related Articles
How to handle a request for information on Access Control and Data Security in RSA Web Threat Detection Number of Views Static Routes Number of Views Replace a Token for a User Number of Views "An error occurred loading the fields for the form" when running the Default Provisioning Form in RSA Identity Governance … Number of Views What is the purpose of the Java node 'Calculate Items To Work On' in the Access Fulfilment Express (AFX) Default Fulfillme… Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) How to install the jTDS JDBC driver on WildFly for use with Data Collections in RSA Identity Governance & Lifecycle RSA Authentication Manager 8.8 Setup and Configuration Guide Artifacts to gather in RSA Identity Governance & Lifecycle
Don't see what you're looking for?
