Service cannot start after Patch upgrade or reboot
2 years ago
Originally Published: 2015-05-20
Article Number
000060643
Applies To
AM8.1
 
Issue
Customer upgraded his AM8.1 to P5 but found service cannot start.
Failed at:  RSA Administration Server with Operations Console 
Cause
Checked AdminServer.log found the actual cause is the certificate expired.

Caused by: weblogic.management.configuration.ConfigurationException: Identity certificate has expired: [
  Version: V3
  Serial Number: 577932504454808758911201
  SignatureAlgorithm: SHA1withRSA (1.2.840.113549.1.1.5)
  Issuer Name: CN=CA Subordinada DAVIVIENDA, OU=Administracion Seguridad TI, O=Banco Davivienda S.A, L=Bogota D.C, ST=Bogota D.C, DC=davivienda, DC=loc, C=CO
  Validity From: Sun May 04 04:24:52 COT 2014
           To:   Mon May 04 04:24:52 COT 2015
  Subject Name: EMAILADDRESS=aechandia@davivienda.com, CN=SADGVRSA01.davivienda.loc, OU=Admon Seguridad TI, O=Banco Davivienda S.A, L=Bogota D.C., ST=Bogota D.C., C=CO
  Key: RSA (1.2.840.113549.1.1.1)
 
Resolution
The fix to the issue is revert the certificate back to RSA self sign one (if customer concerns about the security, they can replace it after all services are up)

1. go to:  cd /opt/rsa/am/utils
2. issue: ./rsautil reset-server-cert
Please enter OC Administrator username: aseguti
Please enter OC Administrator password: ************
Are you sure that you want to reset the following server certificate as the default server certificate? Y/N
EMAILADDRESS=aechandia@davivienda.com, CN=SADGVRSA01.davivienda.loc, OU=Admon Seguridad TI, O=Banco Davivienda S.A, L=Bogota D.C., ST=Bogota D.C., C=CO
: Y
Server certificate successfully reset. Restart all AM services to complete the process.

3. go to: cd /opt/rsa/am/server
4. issue: ./rsaserv restart
5. Now all services should be able to start.

Related Articles

Trending Articles

Don't see what you're looking for?