When we load the certificate we receive the error:
I have already rebooted the RSA AM. with the same problem.
Can anyone help me?
Thank you and
Without the specific details on the certificate, we can only assume the error message is true, you have a certificate problem.
What is the SMS provider name and URL for SMS they say to use ?
The certificare is .cer the sms provider is Actalis.
in the attach my sms configuration.
<original image deleted because it contained personal indentifiable information, redacted image posted>
That is not a standard SMS, this is custom and specific to your site. You need to work with the people setting up the custom SMS site or SMS Proxy and work out the Secure Sockets Connection issue internally, or open a support case where RSA support can work on the problem directly.
Since this is custom site, and not a widely-known SMS (such as Clickatell, Nexmo, Telesign, or others) I suggest not posting further details and information on this RSA public forum.
Here is where you can find setup and implementation guides for most SMS providers
For these there would be public certificates to download and install to make secure SMS transmission, but yours is custom and much more private, so not, in my opinion, a good candidate for discussion and detailed troubleshooting here, it is best in a support case where it all can be kept private.
On command line, the imsTrace.log in /opt/rsa/am/server/logs directory
can provide more details on the specific connection errors (set trace log to verbose on Security Console, Setup, System Settings, logging).
You can also use openssl to probe yoursms.site.com and examine details about the public certificate information. one example:
openssl s_client -connect yoursms.site.com:443 2>/dev/null | openssl x509 -noout -text
Thanks for the answer.
Unfortunately all the logs report the same error:
This is a pretty standard java error where it is saying the sms site does not present a certificate or correct ciphers for the connection. You can try using http and not https, or otherwise do need to work out what is actually enabled on the sms site regarding certificates and tcp ports to use...and what .cer file you have that matches what is needed. Also if this is Auth Manager 8.4 or higher, it must be a TLS1.2 connection, it will not negotiate lower to SSL3.0, or TLS1.0, TLS1.1.
public class SSLPeerUnverifiedExceptionextends SSLException
When the peer was not able to identify itself (for example; no certificate, the particular cipher suite being used does not support authentication, or no peer authentication was established during SSL handshaking) this exception is thrown.
Note about 8.4...This is from the 8.4 patch 2 readme, so possible fix here if you are on 188.8.131.52.0 or higher...
the command line below will not work below 8.4 patch 2
After upgrading to RSA Authentication Manager 8.4, certificates that are at least 2048 bits are required.
If the Authentication Manager is configured with the https plugin to deliver ODA code, and the connection to the SMS provider servers is configured with SSL key exchange algorithms DH (Diffie-Hellman) and DHE, the connection fails.
To work around the issue, you can run the following command line utility (CLU) to turn on the pre-configured cipher list for SSL connections:
./rsautil store -a add_config ims.tls.cipher_list.use_via_trust true GLOBAL BOOLEAN
Thank you !!!
I' ll check these problems with my team.
Retrieving data ...