Attempting to connect RSA Authentication Manager to the Cloud Authentication Service through a proxy server from the Security Console (Home > Configure the connection) fails with the following messages:
Failed to register to the Cloud Authentication Service
Connection failed to Cloud Authentication Service
The /opt/rsa/am/server/logs/imsTrace log from the RSA Authentication Manager server shows:
2020-04-17 14:22:07,977, [[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'],
(CASApiAdminOperationsImpl.java:624), trace.com.rsa.internal.admin.casapimgmt.impl.CASApiAdminOperationsImpl, INFO,
<Authentication Manager hostname>,,,,processRequest: casRegistration
2020-04-17 14:22:08,052, [[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'],
(CASApiAdminOperationsImpl.java:644), trace.com.rsa.internal.admin.casapimgmt.impl.CASApiAdminOperationsImpl, ERROR,
<Authentication Manager hostname>,,,,Failed to initialize connection
javax.net.ssl.SSLException: Certificate not verified
Caused by: com.rsa.sslj.x.aL: Certificate not verified.
at com.rsa.sslj.x.bh.a(Unknown Source)
at com.rsa.sslj.x.bh.a(Unknown Source)
at com.rsa.sslj.x.bh.a(Unknown Source)
... 86 more
Caused by: java.security.cert.CertificateException: the certificate chain is not trusted, Could not validate path.
at com.rsa.sslj.x.ck.a(Unknown Source)
at com.rsa.sslj.x.ck.checkServerTrusted(Unknown Source)
at com.rsa.sslj.x.aF.a(Unknown Source)
... 89 more
2020-04-17 14:22:08,058, [[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'],
(CASApiAdminOperationsImpl.java:406), trace.com.rsa.internal.admin.casapimgmt.impl.CASApiAdminOperationsImpl, ERROR,
<Authentication Manager hostname>,,,,Unable to set connection
com.rsa.admin.casapimgt.CASConnectionManagerException: Authentication Manager cannot connect to
Cloud Authentication Service. Connection failed.
This error occurs when the proxy server uses SSL Termination for the connection from RSA Authentication Manager to the Cloud Authentication Service and RSA Authentication Manager does not trust the certificate presented by the proxy server.
There are two ways to resolve this issue:
- Configure the proxy server to use SSL Passthrough rather than SSL Termination for the connection from RSA Authentication Manager to the Cloud Authentication Service,
or
- Import the root certificate from the proxy server into each RSA Authentication Manager instance in the environment that communicates with the Cloud Authentication Service through the proxy. For steps, contact RSA Customer Support.