SSL connection not verified with peer after importing a new SMS provider certificate for ODA
Originally Published: 2022-12-29
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
Failed to send message
SSL connection not verified with peer. Please check that the certificate you imported is valid for the configured SMS provider.
Cause
Resolution
1. Login to the Authentication Manager primary server using any SSH client (e.g. PuTTy), then type the following command:
a. openssl s_client -connect <SMS_Provider_Base_URL>:443
2. Highlight and copy the output starting with the -----BEGIN CERTIFICATE----- until the -----END CERTIFICATE-----
3. Save it into a text editor like Notepad as <name>.cer
4. Login to the primary's Security Console
5. Navigate to Setup > System Settings > On-Demand Tokencode Delivery under Authentication Settings
6. Under the SMS Provider Configuration, click Import Certificate and import the file obtained from step 3
7. Save the changes and test again, the SMS message will be received
8. Reboot all replicas in the deployment for the change to replicate
Workaround
Notes
To force a specific server, add the -servername <FQDN_of_the_Server> to the openssl command as follows:
openssl s_client -connect <IP_of_the_Server>:<Port> -showcerts -servername <FQDN_of_the_Server>
