On-demand token delivery is not working after upgrading to RSA Authentication Manager 8.4
Originally Published: 2020-09-18
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.4 and higher.
Issue
Failed to send message. SSL connection not verified with peer. Please check that the certificate you imported is valid for this deployment
The /opt/rsa/am/server/logs/imsTrace.log is showing the following errors:
2020-06-08 17:39:26,471, [SMSMessageProcessor Core Thread #4], (HTTPPlugin.java:306), trace.com.rsa.authmgr.internal.smsplugin.impl.HTTPPlugin, ERROR, prdvrsamsha01.kpmgmgmt.com,,,, Failed to send an SMS message via HTTP javax.net.ssl.SSLPeerUnverifiedException: No certificate found in session or SSL peer not authenticated. at com.rsa.authmgr.internal.smsplugin.impl.SMSSecureProtocolSocketFactory.verifyHostname(SMSSecureProtocolSocketFactory.java:236) at com.rsa.authmgr.internal.smsplugin.impl.SMSSecureProtocolSocketFactory.createSocket(SMSSecureProtocolSocketFactory.java:198) at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:706) at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1321) at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:386) at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324) at com.rsa.authmgr.internal.smsplugin.impl.HTTPPlugin.executeSendMessage(HTTPPlugin.java:356) at com.rsa.authmgr.internal.smsplugin.impl.HTTPPlugin.sendRequest(HTTPPlugin.java:302) at com.rsa.authmgr.internal.smsplugin.impl.HTTPPlugin.send(HTTPPlugin.java:279) at com.rsa.authmgr.internal.message.processor.impl.MessageHandlerImpl.handle(MessageHandlerImpl.java:84) at com.rsa.authmgr.internal.message.processor.impl.MessageProcessorImpl$MessageProcessorTask.run(MessageProcessorImpl.java:493) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) 2020-06-08 17:39:26,472, [SMSMessageProcessor Core Thread #4], (HTTPPlugin.java:281), trace.com.rsa.authmgr.internal.smsplugin.impl.HTTPPlugin, ERROR, prdvrsamsha01.kpmgmgmt.com,,,,Failed to create SMS HTTP request com.rsa.common.InvalidArgumentException: Failed to send SMS message via HTTP at com.rsa.authmgr.internal.smsplugin.impl.HTTPPlugin.sendRequest(HTTPPlugin.java:309) at com.rsa.authmgr.internal.smsplugin.impl.HTTPPlugin.send(HTTPPlugin.java:279) at com.rsa.authmgr.internal.message.processor.impl.MessageHandlerImpl.handle(MessageHandlerImpl.java:84) at com.rsa.authmgr.internal.message.processor.impl.MessageProcessorImpl$MessageProcessorTask.run(MessageProcessorImpl.java:493) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
The ODA certificate is valid and not expired.
Cause
Resolution
If the AM is running on 8.4 P2 or higher the hotfix is already available so the utility could be applied directly following the below steps:
- Open an SSH session on the Authentication manager server. Login as the rsaadmin user, noting that during Quick Setup another username may have been selected. If that is the case, that username to login.
- Go to /opt/rsa/am/utils.
- Run the command.
./rsautil store -a add_config ims.tls.cipher_list.use_via_trust true GLOBAL BOOLEAN.
This global variable prevents Authentication Manager 8.4 from including the TLS_DHE_RSA_WITH_AES_256_GCM_SHA_384 cipher suite in the SSL client hello.
login as: rsaadmin Using keyboard-interactive authentication. Password: <enter operating system password> Last login: Tue FEb 26 10:36:31 2018 from 192.168.2.102 RSA Authentication Manager Installation Directory: /opt/rsa/am rsaadmin@am82p:~> cd /opt/rsa/am/utils saadmin@am82p:/opt/rsa/am/utils> ./rsautil store -a add_config ims.tls.cipher_list.use_via_trust true GLOBAL BOOLEAN Please enter OC Administrator username: <enter Operations Console administrator name> Please enter OC Administrator password: <enter Operations Console administrator password> psql.bin:/tmp/f8e39a3c-a614-41e3-be96-299e670f0a73525273943558510875.sql;0108; NOTICE: Added the new configuration parameter "ims.tls.cipher_list.use_via_trust" with the value "true" add_config --------------------- (1 row) If the configuration parameter "ims.tls.cipher_list.use_via_trust" is already added you can update it using the below command. saadmin@am82p:/opt/rsa/am/utils> ./rsautil store -a update_config ims.tls.cipher_list.use_via_trust false GLOBAL BOOLEAN Please enter OC Administrator user name: <enter Operations Console administrator name> Please enter OC Administrator password: <enter Operations Console administrator password> psql.bin:/tmp/e6871864-6126-47cc-af20-0c261a3bbb643013521437038491182.sql;167; NOTICE: Added the new configuration parameter "ims.tls.cipher_list.use_via_trust" from "true" to "false" for the instance 'GLOBAL'. update_config --------------------- (1 row) |
Notes
Attachments
If the attachment does not open when clicked, please refresh the page and try again. You must be logged into view the file(s).
Related Articles
How to verify NTP server synchronization is not working in RSA Authentication Manager 8.x Number of Views Alias host name redirect to consoles is not working after upgrade to RSA Authentication Manager 8.3 patch 1 Number of Views RSA SecurID Access Automatic Integrated Windows Authentication (IWA) not working Number of Views MessageMedia SMS Gateway - On Demand Token Code Delivery Configuration - RSA Ready SecurID Access Implementation Guide Number of Views SNMP queries and traps not working after configuring Authentication/Privacy passwords on RSA Authentication Manager 8.x Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
