SecurID^® Discussions

Hello,

Did you get any solution. Please help me out

Mark Schoonover‌,

I've moved your question to the RSA SecurID Access" data-type="space space where it will be seen by the product's support engineers, other customers and partners.  Please bookmark this page and use it when you have product-specific questions.

Alternatively, from the RSA Customer Support" data-type="space‌ page, click on Ask A Question on the blue navigation bar and choose Ask A Product Related Question.  From there, scroll to RSA SecurID Access" data-type="space and click Ask A Question.  That way your question will appear in the correct space.

Regards,

Erica

The error you're seeing can be due to several reasons.

1- Maybe you're not using the correct root certificate for the AM, you must export it using this way:

Export the Server Root Certificate
Use the following procedure to export the server root certificate from the Authentication Manager server using Microsoft Internet Explorer.

Procedure

Launch Internet Explorer, and go to the following URL: https://server_name:7002. The Error 404 page appears.
Right click anywhere on the Error 404 page and select Properties.
In the Properties dialog box, click Certificates.
In the Certificate dialog box, select the Certification Path tab.
Click the top item in the certificate path.
Click View Certificate.
In the Certificate dialog box, click the Details tab.
Click Copy to File.
On the Certificate Export Wizard page, click Next.
On the Export File Format page, select DER encoded binary X.509 (.CER), and click Next.
On the File to Export page, click Browse.
Browse to a location to store the root certificate, enter am_root.cer in the File name field, make sure that Save as type is DER Encoded Binary X.509(*.cer), and click Save.
On the File to Export page, click Next.
On the Completing the Certificate Export page, click Finish.
Click OK.

Then import it in a keystore file using this way:

Procedure

Copy the root certificate, from the local machine to the client host.
On the client host, open a new command shell, and change directories to JAVA_HOME/jre/bin.
Type:
keytool -import -keystore SDK_HOME/lib/java/trust.jks -storepass cacerts_keystore_password -file am_root.cer -alias rsa_am_ca -trustcacerts

where

SDK_HOME is the installation directory for the Authentication Manager Software Development Kit
cacerts_keystore_password is the keystore password
and press ENTER.

The Java keytool confirms that the certificate is added to the keystore.

Then this key store you should point to it in the VM Arguments while running your code.

2- If your on AM 8.4 and above, your Code must connect to the AM using TLSv1.2, thus make sure that you use Java 1.8 and you must use the JARs from that specific version, do not use the .jar files from any older AM Version even if it's compatible with your code.

The following are Java system properties must be specified on the Java command line for correct client operation:

-Dlog4j.configuration=file:RSA Authentication Manager SDK/samples/admin/src/log4j.xml - The location of the log4j.xml configuration file. You can copy the log4j.xml file to any location as long as the property points to it. This property is required for applications that use logging.

-Dweblogic.security.SSL.trustedCAKeyStore=SDK_HOME/lib/java/trust.jks - The trust store for SSL EJB connections.

WebLogic requires the use of the TLSv1.2 protocol. Specify the following:
-Dweblogic.security.SSL.protocolVersion=TLSv1.2

-Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.2

-Djdk.tls.client.protocols=TLSv1.2

-Dhttps.protocols=TLSv1.2