Obtain the RSA root CA certificate from RSA Authentication Manager 8.x
10 hours ago
Originally Published: 2016-01-17
Article Number
000048109
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
This article explains how to obtain the RSA root CA certificate from the Authentication Manager instance.
Resolution

There are two methods that can be used to obtain the Authentication Manager instance RSA root CA certificate. The easiest approach for an administrator to obtain the self-signed RSA root CA certificate is by using a supported web browser.

UI Steps

  1. Access either the Operations Console or Security Console with a web browser (using Google Chrome for this example).
  2. Click the padlock with the small red cross.
​Example:
User-added image
  1. The administrator is presented with the option to view the certification.  Click the Certificate information link
User-added image
  1. The server certificate is displayed:
User-added image
  1. Click the Certificate Path tab and select the RSA root CA certificate.
  2. Click View Certificate.
User-added image
  1. After viewing the RSA root CA certificate click the Details tab.
  2. Click Copy to File… to save the certificate to a file.
User-added image
  1. At the Certificate Export Wizard, click Next.
User-added image
  1. Select a format you want to use (leaving the default for this example) and click Next.
User-added image
  1. Enter a file name and click the Next.
User-added image
  1. Click Finish.
User-added image
  1. A confirmation appears:
User-added image
  1. In Windows Explorer double click the C:\RSA_root_CA.cer and the RSA root CA certificate is displayed:
User-added image

Alternatively an administrator can access the operating system and export the RSA root CA certificate from the /opt/rsa/am/server/security/caStore.jks file.

SSH Steps

  1. How to SSH to an RSA Authentication Manager version 8.x server
  2. Launch an SSH client, such as PuTTY.
  3. Login to the primary Authentication Manager server as rsaadmin and enter the operating system password.

Note that during Quick Setup another user name may have been selected. Use that user name to login.

  1. Enter the following command and the keystore password when prompted:
login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system password>
Last login: Thu Jan  9 18:06:47 2020 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
  1. Navigate to /opt/rsa/am /utils.
  2. Viewing the contents or exporting data from caStore.jks requires the Root Certificate Keystore File Password.  Run ./rsautil manage-secrets -a listall to get the Root Certificate Keystore File Password:
rsaadmin@am82p:~> cd /opt/rsa/am/utils/
rsaadmin@am82p:/opt/rsa/am/utils> ./rsautil manage-secrets -a listall
Please enter OC Administrator username: <enter Operations Console administrator name>
Please enter OC Administrator password: <enter Operations Console administrator password>
Root Certificate Keystore File Password ...............: BB3aNkbU4uaEoNbURuTmnp5d7Kcuna
  1. To list the contents of the caStore.jks file use the following command:
rsaadmin@am82p:~>/opt/rsa/am/appserver/jdk/bin/keytool -export -keystore /opt/rsa/am/server/security/caStore.jks
Enter keystore password: <enter Root Certificate Keystore File Password from step 6>
  1. To export the RSA root CA certificate (with alias rsa_ca_am) use the command : 
rsaadmin@am82p:/opt/rsa/am/utils> /opt/rsa/am/appserver/jdk/bin/keytool -export -alias rsa-am-ca -file rsa-am-ca.crt -keystore /opt/rsa/am/server/security/caStore.jks
Enter keystore password: <enter Root Certificate Keystore File Password from step 6>
  1. Use a secure FTP client (where SSH access to the operating system has been enabled) to copy the rsa-am-ca.crt file from the Authentication Manager instance.

 

 

 
 
 

Related Articles

Trending Articles

Don't see what you're looking for?