First time submitting a question so please bare with me. I am trying to install some certificates on my SecureID deployment and for some reason it is still showing not secured. I have been working it for several days and I am still having some issues. We are using SAN certificates from our normal cert authority, I created and download new certificates and I THINK they are installed correctly, still nothing.
Thanks for the help!
You installed the signer certs but not the server cert.
Take the cert bundle you got back from the CA, and open it up in IE or KeystoreExplorer, and see if you have the correct piece you can export as base64 and import to RSA server.
At this point if you still have a problem getting the proper chain installed, you should open a support case since troubleshooting this further on this forum may lead to exposing private data you don't want here. With a support case we can dig in privately.
Mr. Davis, thanks for the reply! By not secured I mean, when I am in the browser (or when people access their self service page) it indicates that the connection is not secure. I believe this is preventing people with android phones from getting their certificate when scanning their QR code.
Here is what I am talking about. The certificates have been added via the operations console but we continue to get this when browsing to any of the pages.
Here is what Firefox is saying.
When Firefox connects to a secure website (the URL begins with "https://"), it must verify that the certificate presented by the website is valid and that the encryption is strong enough to adequately protect your privacy. If the certificate cannot be validated or if the encryption is not strong enough, Firefox will stop the connection to the website and instead, show you an error page with the message, Your connection is not secure:
That is generic information. There are specific details still missing.
What I am asking about, is , there is a specific reason yours is flagging that not secure message. What is that specific reason ?
For example mine gives me a warning because I am using a cert signed by a non-well known CA, (the built in certs) so I get a generic 'checkbox item' warning, which would be for someone to know the cert is not signed by a well-known CA. That in itself is not a security issue. It is just a generic warning for those who are interested in seeing certs signed by well known CA's, they'd see this one and know to look a bit deeper (and then in the case of the AM server built-in cert, see there is no actual concern).
example 1 chrome
example 2 firefox
the reason for the warning
Ok, the warning is about a self-signed cert (not in the trusted cert authority pack found in most browsers and operating systems).
You may need to go to the operations console and see what certs are available and hit 'activate' on the new one you installed....to swap to the new cert. You can generate CSR's and install certs, but the system remains on the current cert until you 'activate' it.
in my example below I have an old cert I could activate.
Your system should show the new cert (if valid) has a dropdown to activate it.