This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

SecurID Access Application Portal still using old certificate after it was replaced

Article Number

000039951

Applies To

RSA Product Set: SecurID Access
RSA Product/Service Type: Cloud Authentication Service
RSA Version/Condition: Identity Router

Issue

The public certificate on the Cloud Administration Console > My Account > Company Settings > Company Information page was replaced, but the old certificate is still presented to the browser when users browse to the Application Portal.

Cause

There are two causes for this that are most likely. To narrow this down, browse to the identity router's setup page by opening a web browser and doing one of the following:

  • For VMware and Hyper-V identity routers, go to one of the following:

    • https://<identityrouterIP>/setup.jsp (for an identity router with two network interfaces)
    • https://<identityrouterIP>:9786/setup.jsp (for an identity router with one network interface), 
where <identityrouterIP> is the IP address of the identity router's management interface.
  • For Amazon cloud-based identity routers, go to https://<identityrouterIP>:9786/setup.jsp,
where <identityrouterIP> is the private IP address of the identity router.


Once at the identity router's setup page, check what certificate is presented to the browser (search the internet for how to do this for the particular browser being used, if needed.)
Either the old certificate or the new certificate will be seen.

  • If the old certificate is still seen, then it is possible that the changes made when uploading the new public certificate to the Cloud Administration Console were not saved and/or published, so the identity router did not get updated with the new certificate.
  • If the new certificate is seen, this indicates that the identity router was updated with the new certificate. This scenario very likely means that users are accessing the Application Portal through a load balancer and that the load balancer is still presenting the old certificate when the Application Portal is accessed.

Resolution

Depending on whether the old or new public certificate was seen on the identity router's setup page from the test above, do one of the following:
  • If the old certificate was seen on the identity router's setup page, verify that the new public certificate is uploaded to the Cloud Administration Console > My Account > Company Settings > Company Information page, save these settings, and then publish the new changes. Once the publish completes, browse to the Application Portal and verify that the new certificate is presented to the browser.
  • If the new certificate was seen on the identity router's setup page, check to see if the load balancer used with the identity router(s) for the Application Portal needs to be updated to use the new public certificate or if it needs to have its cache cleared so that it presents the new certificate.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2021-11-19 06:43 AM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.