SecurID® Discussions

TroyCulpepper
Contributor

Server Certificates

First time submitting a question, so please bear with me. I am trying to install some certificates on my SecurID deployment and for some reason it is still showing not secured. I have been working on it for several days and I am still having some issues. We are using SAN certificates from our normal cert authority. I created and downloaded new certificates and I THINK they are installed correctly, but still nothing.

 

Thanks for the help!

0 Likes
1 Solution

Accepted Solutions

You installed the signer certs but not the server cert.

Take the cert bundle you got back from the CA, and open it up in IE or KeystoreExplorer, and see if you have the correct piece you can export as base64 and import to RSA server. 

 

At this point if you still have a problem getting the proper chain installed, you should open a support case since troubleshooting this further on this forum may lead to exposing private data you don't want here. With a support case we can dig in privately.

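A command-line version of the check described in the accepted solution, as an added example that is not part of the original thread: it uses the `openssl` CLI (instead of IE or KeystoreExplorer) to label each certificate in a CA-returned PEM bundle as signer or server, so a bundle holding only signer certs is obvious. The function names, the config section names and the host `am.example.test` are assumptions made for this example, and the demo certificates are constructed throwaway data.

```shell
#!/bin/sh
# Added example (not from the thread): label each certificate in a PEM bundle
# as "signer" (CA:TRUE in basicConstraints) or "server" (everything else).
# Assumption: a v1 root without extensions would be mislabelled "server".

# split_bundle BUNDLE OUTDIR: writes one certificate per OUTDIR/cert-N.pem
split_bundle() {
  awk -v dir="$2" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%d.pem", dir, n) }
    out != "" { print > out }
    /-----END CERTIFICATE-----/ { close(out); out = "" }
  ' "$1"
}

# cert_role FILE: prints "signer" or "server"
cert_role() {
  openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE' && echo signer || echo server
}

# classify_bundle BUNDLE: one line per certificate, "role<TAB>subject<TAB>issuer"
classify_bundle() (
  tmp=$(mktemp -d) || exit 1
  split_bundle "$1" "$tmp"
  for f in "$tmp"/cert-*.pem; do
    [ -e "$f" ] || continue          # bundle contained no certificates
    printf '%s\t%s\t%s\n' "$(cert_role "$f")" \
      "$(openssl x509 -in "$f" -noout -subject)" \
      "$(openssl x509 -in "$f" -noout -issuer)"
  done
  rm -rf "$tmp"
)

# make_demo_bundle DIR: constructed sample input (throwaway root CA + SAN server cert)
make_demo_bundle() (
  cd "$1" || exit 1
  printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' \
    'CN=Constructed Demo Root CA' '[demo_ca]' 'basicConstraints=critical,CA:TRUE' \
    '[demo_leaf]' 'basicConstraints=CA:FALSE' 'subjectAltName=DNS:am.example.test' > cfg
  openssl req -x509 -newkey rsa:2048 -nodes -config cfg -extensions demo_ca \
    -keyout ca.key -out ca.pem -days 1 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config cfg -subj '/CN=am.example.test' \
    -keyout leaf.key -out leaf.csr 2>/dev/null
  openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
    -extfile cfg -extensions demo_leaf -days 1 -out leaf.pem 2>/dev/null
  cat ca.pem leaf.pem > bundle.pem   # signer first, server cert last
)

# Usage: sh classify.sh bundle.pem
if [ "$#" -gt 0 ]; then classify_bundle "$1"; fi
```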

10 Replies
EdwardDavis
Employee

Please define in more specific details what you mean by 'not secured'.

0 Likes
TroyCulpepper
Contributor

Mr. Davis, thanks for the reply! By not secured I mean, when I am in the browser (or when people access their self-service page) it indicates that the connection is not secure. I believe this is preventing people with Android phones from getting their certificate when scanning their QR code.

0 Likes

There must be a specific message with specific details as to why it is saying not secure.

0 Likes

Here is what I am talking about.  The certificates have been added via the operations console but we continue to get this when browsing to any of the pages.

 

 

rsa.png

0 Likes

The 'more information' part will have some detailed info about why it is flagged. 

Here is what Firefox is saying.

 

When Firefox connects to a secure website (the URL begins with "https://"), it must verify that the certificate presented by the website is valid and that the encryption is strong enough to adequately protect your privacy. If the certificate cannot be validated or if the encryption is not strong enough, Firefox will stop the connection to the website and instead, show you an error page with the message, Your connection is not secure:

0 Likes

That is generic information. There are specific details still missing.

What I am asking about is, there is a specific reason yours is flagging that not secure message. What is that specific reason?

For example, mine gives me a warning because I am using a cert signed by a non-well-known CA (the built-in certs), so I get a generic 'checkbox item' warning, which would be for someone to know the cert is not signed by a well-known CA. That in itself is not a security issue. It is just a generic warning for those who are interested in seeing certs signed by well-known CAs; they'd see this one and know to look a bit deeper (and then, in the case of the AM server built-in cert, see there is no actual concern).


example 1 chrome

pastedImage_1.png

example 2 firefox

pastedImage_1.png

 

the reason for the warning

pastedImage_2.png

OK, the warning is about a self-signed cert (not in the trusted cert authority pack found in most browsers and operating systems).

You may need to go to the Operations Console and see what certs are available and hit 'activate' on the new one you installed, to swap to the new cert. You can generate CSRs and install certs, but the system remains on the current cert until you 'activate' it.

In my example below I have an old cert I could activate.

Your system should show that the new cert (if valid) has a dropdown to activate it.


pastedImage_1.png

Now we are getting somewhere.  Here is what my certs look like.  Looks like I did something wrong, I can't activate.

 

Capture.PNG