KrystianKorzeni
New Contributor

Reset certificate: is this a safe operation?

Hello

I have a problem with an expired certificate. My primary server had services in the shutdown state. When I ask about the status, the results of the command are below:

./rsaserv status

RSA Database Server                                        [RUNNING]

RSA Administration Server with Operations Console          [SHUTDOWN]

RSA RADIUS Server Operations Console                       [SHUTDOWN]

RSA Runtime Server                                         [SHUTDOWN]

RSA RADIUS Server                                          [RUNNING]

RSA Console Server                                         [SHUTDOWN]

RSA Replication (Primary)                                  [RUNNING]

Services in the SHUTDOWN state didn't change status to primary. I read about the possibility of resetting the certificate.

revert back to the default self-signed certificate:  /opt/rsa/am/utils/rsautil reset-server-cert

https://community.rsa.com/docs/DOC-47457 

Is this a safe operation? After this operation, will the services safely change status to RUNNING?

Best regards

Krystian

JayGuillette
Apprised Contributor

This is a safe operation, and since your replacement console certificate is expired and services are stopped, it is the only way to get services started again.

Some considerations:

1. This will restore the RSA self-signed console certificate, which your browser most likely will not trust. If you lock down your browsers to prevent accessing Web sites with untrusted Certificates, you will have to get around that policy. Most sites simply display the warning, and you can click to accept the risk and get back into the Security or Operations console.

2. You need services running in order to access the Security or Operations console, and for authentication to work on this AM server.

3. You will probably need to request a new replacement console certificate to replace the expired one. 

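A check that would flag this situation before the console certificate expires, as an added example that is not part of the original thread and not RSA tooling: it lists the services that `rsaserv status` reports as SHUTDOWN and tests whether the certificate a TLS listener presents is still valid a given number of days from now. The host, port and 30-day default are assumptions to set for your own deployment; `openssl s_client` and `openssl x509 -checkend` are standard OpenSSL commands.

```shell
#!/bin/sh
# Added example, not RSA tooling. Host, port and day threshold are assumptions.

# Print the name of every service that `rsaserv status` (text on stdin)
# reports as [SHUTDOWN], one per line.
shutdown_services() {
    sed -n 's/^\(.*[^[:space:]]\)[[:space:]]*\[SHUTDOWN\][[:space:]]*$/\1/p'
}

# Fetch the certificate a TLS listener presents, trusted or not, as PEM.
fetch_cert() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -outform PEM 2>/dev/null
}

# Exit 0 only if the PEM certificate on stdin is still valid $1 days from now.
cert_valid_for_days() {
    openssl x509 -noout -checkend "$(( $1 * 86400 ))" >/dev/null 2>&1
}

# Status output quoted in the question above, used as sample input.
SAMPLE_STATUS='RSA Database Server                                        [RUNNING]
RSA Administration Server with Operations Console          [SHUTDOWN]
RSA RADIUS Server Operations Console                       [SHUTDOWN]
RSA Runtime Server                                         [SHUTDOWN]
RSA RADIUS Server                                          [RUNNING]
RSA Console Server                                         [SHUTDOWN]
RSA Replication (Primary)                                  [RUNNING]'

# Usage: sh check.sh <console-host> <console-port> [days]
if [ "$#" -ge 2 ]; then
    days="${3:-30}"
    if fetch_cert "$1" "$2" | cert_valid_for_days "$days"; then
        echo "OK: certificate on $1:$2 is valid for at least $days more days"
    else
        echo "WARN: certificate on $1:$2 is expired, expires within $days days, or is unreadable" >&2
        exit 1
    fi
else
    echo "Services reported as SHUTDOWN in the sample status:"
    printf '%s\n' "$SAMPLE_STATUS" | shutdown_services
fi
```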