Replace an Expired Console Certificate

If you replace the original console certificate with a certificate issued by a third-party certificate authority (CA), you must make sure that this third-party certificate is replaced before it expires. When the console certificate expires, you cannot start the AM services after they are stopped.

If you stop AM services on a deployment with an expired certificate, perform the following procedure. and then start the services.

Procedure 

1. Log on to the appliance with the User ID rsaadmin and the current operating system password:

   • On a hardware appliance, the Amazon Web Services appliance or the Azure appliance, log on to the appliance using an SSH client.

2. On a VMware virtual appliance, log on to the appliance using an SSH client or the VMware vSphere client.

   On a Hyper-V virtual appliance, log on to the appliance using an SSH client , the Hyper-V System Center Virtual Machine Manager, or the Hyper-V Manager.

For instructions, see Log On to the Appliance Operating System with SSH.

3. Change the directory to utils. Type:

   cd /opt/rsa/am/utils

   and press ENTER.

4. Run the following command to change the console certificate from the third-party certificate to the original certificate. Type the following, and press ENTER:

   ./rsautil reset-server-cert -u oc_admin_UserID

   -p oc_admin_password

   where:

   • oc_admin_UserID is the user name for an Operations Console administrator

   • oc_admin_password is the Operations Console administrator’s password

After you finish 

Start the AM Services. For instructions, see "Manage RSA Authentication Manager Services Manually" in the Administrator's Guide.