Article Number
000037678
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager, Authentication Manager Prime
RSA Version/Condition: 8.4
Issue
After upgrading to RSA Authentication Manager 8.4, users aren't able to login to the Authentication Manager Prime Help Desk Admin Portal (HDAP) and/or Self Service Portal (SSP). If you check the log file <AMIS_installation_directory>/logs/am8.log, the following error will appear:
Could not access HTTP invoker remote service at [/ims-ws/httpinvoker/CommandServer]; nested exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Cause
RSA Authentication Manager 8.4 mandates TLS 1.2 in strict mode. Java versions prior to JRE/JDK 8.x do not. When AMIS running JRE 7 or older sends a client hello using a protocol other than TLS 1.2 to Authentication Manager 8.4 during the SSL handshake, Authentication Manager refuses to complete the handshake.
Resolution
Follow these steps to resolve this issue:
- Download and Install Java JRE 8 or higher on the system where Authentication Manager Prime is installed.
- Stop all Authentication Manager Prime services (i.e., AMIS, SSP, HDAP).
- Point Tomcat to the newly installed Java location. Refer to article 000030993 - RSA Authentication Manager Prime services fail to start after Java update on a Windows server: Error Failed creating java for more information.
- Start all Prime services