Java exception error during restore of default console certificate on RSA Authentication Manager 8.2 and higher
Originally Published: 2018-06-20
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.2, 8.3, 8.4, 8.5
Issue
- How to regenerate the deleted Authentication Manager default server certificate.
- How to resolve the following Java exception error that occurs when running the rsautil reset-server-cert command to restore the default console certificate on RSA Authentication Manager:
java.lang.NullPointerException
at com.rsa.authmgr.install.tools.CertManager.resetServerCert(CertManager
at com.rsa.authmgr.install.tools.CertManager.execute(CertManager.java:15
at com.rsa.authmgr.install.tools.CertManager.main(CertManager.java:260)
Resolution
- Open an SSH session to the RSA Authentication Manager primary server using an SSH client, such as PuTTY.
- Log in as rsaadmin and enter the operating system password.
Note that during Quick Setup another username may have been selected. Use that username to log in.
- Go to /opt/rsa/am/utils/.
    login as: rsaadmin
    Using keyboard-interactive authentication.
    Password:<enter operating system password>
    Last login: Wed Jun 20 05:24:51 2018 from jumphost.vcloud.local
    RSA Authentication Manager Installation Directory: /opt/rsa/am
    rsaadmin@am82p:~> cd /opt/rsa/am/utils
- Run the ./rsautil manage-ssl-cert --regen-internal-ca command to regenerate the RSA Authentication Manager default console certificate.
- When prompted, enter the Operations Console administrator username and password:
    rsaadmin@am82p:/opt/rsa/am/utils> ./rsautil manage-ssl-cert --regen-internal-ca
    Please enter OC Administrator username: <enter Operations Console administrator name>
    Please enter OC Administrator password: <enter Operations Console administrator password>
    Manage SSL Certificate Utility 8.2.0.2.0 (1388711)
    Copyright (C) 2016 RSA Security Inc. All rights reserved.
    Regenerating internal certificate authority and SSL certificates...
    Created backup of current keystores at: /opt/rsa/am/server/security/JKS_BACKUP_3472436041899343669
    Created primary keystore ZIP: primary-keystores.zip
    Copy this file to each Replica instance and run this tool providing this file as the parameter to the "--keystore-zip" option.
    Command completed successfully.
    rsaadmin@am82p:/opt/rsa/am/utils>
The above command also creates a backup of the current keystores, which is saved to /opt/rsa/am/server/security/JKS_BACKUP_XXXXXXXXXXXXXXXXXXX.
- Once these steps are complete, elevate privileges to root and reboot the appliance by issuing the commands below:
    rsaadmin@am82p:~> sudo su - root
    rsaadmin's password: <enter operating system password>
    am82p:/home/rsaadmin # reboot
    Broadcast message from root (pts/0) (Wed Jun 20 08:15:08 2018):
    The system is going down for reboot NOW!
    am82p:/home/rsaadmin #
- The Java error will no longer occur when running the ./rsautil reset-server-cert command.
- After reverting to the default certificate, the expired certificate will be listed as Inactive in the Operations Console under Deployment Configuration > Certificates > Console Certificate Management.
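The regeneration step can be checked from a saved copy of the session output before the appliance is rebooted. The script below is an added example, not RSA tooling and not part of the original article: the function names are hypothetical, and the sample transcripts are constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not RSA tooling): read a saved transcript of
#   ./rsautil manage-ssl-cert --regen-internal-ca
# on stdin and decide whether it is safe to continue to the reboot step.
check_regen_transcript() {
    # Flatten first, so terminal line wrapping does not affect matching.
    flat=$(tr '\r\n\t' '   ' | tr -s ' ')
    case $flat in
        *java.lang.*Exception*)
            echo "FAIL: Java exception in transcript" >&2; return 1 ;;
    esac
    case $flat in
        *"Command completed successfully."*) ;;
        *) echo "FAIL: success line not found" >&2; return 1 ;;
    esac
    backup=$(printf '%s\n' "$flat" |
        sed -n 's/.*Created backup of current keystores at: \([^ ]*\).*/\1/p')
    zip=$(printf '%s\n' "$flat" |
        sed -n 's/.*Created primary keystore ZIP: \([^ ]*\).*/\1/p')
    # The article gives the backup location as .../security/JKS_BACKUP_<id>.
    case $backup in
        /opt/rsa/am/server/security/JKS_BACKUP_?*) ;;
        *) echo "FAIL: keystore backup path missing or unexpected" >&2; return 1 ;;
    esac
    [ -n "$zip" ] || { echo "FAIL: primary keystore ZIP not reported" >&2; return 1; }
    echo "backup=$backup"
    echo "zip=$zip"
}
# Constructed sample: successful output from the article, with one wrapped line.
sample_ok() {
    cat <<'EOF'
Regenerating internal certificate authority and SSL certificates...
Created backup of current keystores at:
/opt/rsa/am/server/security/JKS_BACKUP_3472436041899343669
Created primary keystore ZIP: primary-keystores.zip
Command completed successfully.
EOF
}
# Constructed sample: a run that ended in the exception from the Issue section.
sample_failed() {
    cat <<'EOF'
java.lang.NullPointerException
at com.rsa.authmgr.install.tools.CertManager.main(CertManager.java:260)
EOF
}
sample_ok | check_regen_transcript
sample_failed | check_regen_transcript || echo "do not reboot yet"
```

On the primary, also confirm that the reported backup directory exists, and keep the reported ZIP file for the replica instances, before rebooting.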