Supported web browsers report an error message when accessing RSA Authentication Manager 8.1 Security Console or Operations Console
RSA Product Set: SecurID RSA Product/Service Type: Authentication Manager RSA Version/Condition: 8.1 Service Pack 1 or later
Supported web browsers report messages when accessing either the Security Console or the Operations Console or the Self-Service Console.
Microsoft Internet Explorer reports "There is a problem with this website's security certificate."
Google Chrome reports "Your connection is not private."
Mozilla Firefox reports "Your connection is not secure"
The Trusted Root Certification Authorities store of the Microsoft Windows workstation or server where the web browser is being used to access the Authentication Manager portals (Security Console, Operations Console and Self-Service Console) does not have the root CA certificate generated by the Authentication Manager instance during deployment.
Customers can replace the self-signed certificate created during the deployment of RSA Authentication Manager 8.1 software to remove the message presented in the web browser when accessing the Security Console, Operations Console or Self-Service Console. Instructions are provided in a section called Certificate Management for Secure Sockets Layer found in the RSA Authentication Manager 8.1 Administrator’s Guide (revision 1).
Alternatively, an administrator can add the Authentication Manager root CA certificate to the Trusted Root Certification Authorities store to avoid the web browser reporting the message.
Access either the Operations Console or Security Console with a web browser (Google Chrome is used for this example).
Click the padlock with the small red cross.
The administrator is presented with the option to view the certificate:
Click the Certificate information link.
The server certificate is displayed.
Click the Certificate Path tab and select the RSA root CA certificate.
Now click View Certificate.
After viewing the RSA root CA certificate click the Details tab.
Click the Copy to File… button to save the certificate to a file.
Click Next >.
Select a format you want to use and click Next > button (we left the default in the example below).
Enter a filename and click Next >.
In Windows Explorer double-click the C:\RSA_root_CA.cer and the RSA root CA certificate is displayed
Clicking the Install Certificate… button will enable the trust of the Authentication Manager root CA certificate in the Trusted Root Certification Authorities store.
Alternative access to the Authentication Manager root CA certificate
RSA Authentication Manager 8.1 uses JKS files to store certificates in /opt/rsa/am/server/security.
Listing of the password protected JKS files in /opt/rsa/am/server/security directory:
rsaadmin@am81p:/opt/rsa/am/server/security> ls -l *.jks
-rw-r--r-- 1 rsaadmin rsaadmin 4136 Dec 6 2013 biztier-identity.jks
-rw-r--r-- 1 rsaadmin rsaadmin 3197 Dec 6 2013 caStore.jks
-rw-r--r-- 1 rsaadmin rsaadmin 4153 Dec 6 2013 console-identity.jks
-rw-r--r-- 1 rsaadmin rsaadmin 2912 Dec 6 2013 trust.jks
-rw-r--r-- 1 rsaadmin rsaadmin 7295 Dec 6 2013 webserver-identity.jks
-rw-r--r-- 1 rsaadmin rsaadmin 4152 Dec 6 2013 webserver-inactive.jks
The Authentication Manager root CA certificate is stored in the caStore.jks file.
Listing the contents of the caStore.jks file would be done with the command: