Replace an Expired Console CertificateReplace an Expired Console Certificate
If you replace the original console certificate with a certificate issued by a third-party certificate authority (CA), you must make sure that this third-party certificate is replaced before it expires. When the console certificate expires, you cannot start the Authentication Manager services after they are stopped.
If you stop Authentication Manager services on a deployment with an expired certificate, perform the following procedure. and then start the services.
Log on to the appliance with the User ID rsaadmin and the current operating system password:
- On a hardware appliance, the Amazon Web Services appliance or the Azure appliance, log on to the appliance using an SSH client.
On a VMware virtual appliance, log on to the appliance using an SSH client or the VMware vSphere client.
On a Hyper-V virtual appliance, log on to the appliance using an SSH client , the Hyper-V System Center Virtual Machine Manager, or the Hyper-V Manager.
For instructions, see Log On to the Appliance Operating System with SSH.
Change the directory to utils. Type:
and press ENTER.
Run the following command to change the console certificate from the third-party certificate to the original certificate. Type the following, and press ENTER:
./rsautil reset-server-cert -u oc_admin_UserID
oc_admin_UserID is the user name for an Operations Console administrator
oc_admin_password is the Operations Console administrator’s password
After you finish
Start the Authentication Manager Services. For instructions, see "Manage RSA Authentication Manager Services Manually" in the Administrator's Guide.