This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
KrystianKorzeni
New Contributor
New Contributor
‎2020-12-07 11:34 AM

Reset certificate is this safe operation ?

Hello

 

I have a problem with expired certificate. My primary server had services in state shutdown. When i ask about status results of command below

 

./rsaserv status

RSA Database Server                                        [RUNNING]

RSA Administration Server with Operations Console          [SHUTDOWN]

RSA RADIUS Server Operations Console                       [SHUTDOWN]

RSA Runtime Server                                         [SHUTDOWN]

RSA RADIUS Server                                          [RUNNING]

RSA Console Server                                         [SHUTDOWN]

RSA Replication (Primary)                                  [RUNNING]

 

Services in state SHUTDOWN didn't change status to primary. I was read about possibility reset certificate.

 

revert back to the default self-signed certificate:  /opt/rsa/am/utils/rsautil reset-server-cert

https://community.rsa.com/docs/DOC-47457 

Is this safe operation ? After this operation services safely change status to RUNNING ?

 

Best regards

Krystian

 

0 Likes
Reply
1 Reply
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
‎2020-12-07 12:36 PM

This is a safe operation, and since your replacement console certificate is expired and services are stopped, it is the only way to get services started again.

 

Some considerations;

 1. This will restore the RSA self-signed console certificate, which your browser most likely will not trust.  If you lock down your browsers to prevent accessing Web sites with untrusted Certificates, you will have to get around that policy.  Most site simply display the warning, and you can click to accept the risk and get back into the Security or Operations console.

2.You need services running in order to access the Security or Operations console, and for authentication to work on this AM server. 

3. You will probably need to request a new replacement console certificate to replace the expired one. 

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.