Connection fails to Cloud Authentication Service when connecting through a proxy server from RSA Authentication Manager to the RSA SecurID Access Cloud Authentication Service
Originally Published: 2020-04-23
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.4 patch 4 and above
Issue
Failed to register to the Cloud Authentication Service
Connection failed to Cloud Authentication Service
Connection failed to Cloud Authentication Service
The /opt/rsa/am/server/logs/imsTrace log from the RSA Authentication Manager server shows:
2020-04-17 14:22:07,977, [[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'],
(CASApiAdminOperationsImpl.java:624), trace.com.rsa.internal.admin.casapimgmt.impl.CASApiAdminOperationsImpl, INFO,
<Authentication Manager hostname>,,,,processRequest: casRegistration
2020-04-17 14:22:08,052, [[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'],
(CASApiAdminOperationsImpl.java:644), trace.com.rsa.internal.admin.casapimgmt.impl.CASApiAdminOperationsImpl, ERROR,
<Authentication Manager hostname>,,,,Failed to initialize connection
javax.net.ssl.SSLException: Certificate not verified
Caused by: com.rsa.sslj.x.aL: Certificate not verified.
at com.rsa.sslj.x.bh.a(Unknown Source)
at com.rsa.sslj.x.bh.a(Unknown Source)
at com.rsa.sslj.x.bh.a(Unknown Source)
... 86 more
Caused by: java.security.cert.CertificateException: the certificate chain is not trusted, Could not validate path.
at com.rsa.sslj.x.ck.a(Unknown Source)
at com.rsa.sslj.x.ck.checkServerTrusted(Unknown Source)
at com.rsa.sslj.x.aF.a(Unknown Source)
... 89 more
2020-04-17 14:22:08,058, [[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'],
(CASApiAdminOperationsImpl.java:406), trace.com.rsa.internal.admin.casapimgmt.impl.CASApiAdminOperationsImpl, ERROR,
<Authentication Manager hostname>,,,,Unable to set connection
com.rsa.admin.casapimgt.CASConnectionManagerException: Authentication Manager cannot connect to
Cloud Authentication Service. Connection failed.
(CASApiAdminOperationsImpl.java:624), trace.com.rsa.internal.admin.casapimgmt.impl.CASApiAdminOperationsImpl, INFO,
<Authentication Manager hostname>,,,,processRequest: casRegistration
2020-04-17 14:22:08,052, [[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'],
(CASApiAdminOperationsImpl.java:644), trace.com.rsa.internal.admin.casapimgmt.impl.CASApiAdminOperationsImpl, ERROR,
<Authentication Manager hostname>,,,,Failed to initialize connection
javax.net.ssl.SSLException: Certificate not verified
Caused by: com.rsa.sslj.x.aL: Certificate not verified.
at com.rsa.sslj.x.bh.a(Unknown Source)
at com.rsa.sslj.x.bh.a(Unknown Source)
at com.rsa.sslj.x.bh.a(Unknown Source)
... 86 more
Caused by: java.security.cert.CertificateException: the certificate chain is not trusted, Could not validate path.
at com.rsa.sslj.x.ck.a(Unknown Source)
at com.rsa.sslj.x.ck.checkServerTrusted(Unknown Source)
at com.rsa.sslj.x.aF.a(Unknown Source)
... 89 more
2020-04-17 14:22:08,058, [[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'],
(CASApiAdminOperationsImpl.java:406), trace.com.rsa.internal.admin.casapimgmt.impl.CASApiAdminOperationsImpl, ERROR,
<Authentication Manager hostname>,,,,Unable to set connection
com.rsa.admin.casapimgt.CASConnectionManagerException: Authentication Manager cannot connect to
Cloud Authentication Service. Connection failed.
Cause
Resolution
- Configure the proxy server to use SSL Passthrough rather than SSL Termination for the connection from RSA Authentication Manager to the Cloud Authentication Service,
- Import the root certificate from the proxy server into each RSA Authentication Manager instance in the environment that communicates with the Cloud Authentication Service through the proxy. For steps, contact RSA Customer Support.
Related Articles
Identity router (IDR) registration fails with error cannot connect to Cloud Authentication Service for RSA SecurID Access Number of Views Connection to Cloud Authentication service via Security Console fails with an error; ""Failed to register to the Cloud Aut… Number of Views RSA Authentication Manager Administration Server with Operations Console service fails to start when restarted from the SS… Number of Views Mandatory Certificate Upgrade Required by 6th October 2025 for RSA MFA Agent for PAM, RSA MFA Agent for Apache, and Third … Number of Views Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Announces Critical Security Updates for RSA ID Plus Components - RSA Authentication Manager and RSA Identity Router RSA MFA Agent 9.0 for PAM - Installation and Configuration Guide for Oracle Linux RHEL Ubuntu CentOS and Rocky Linux Explanation of successful authentication followed by passcode reuse and bad tokencode messages in RSA Authentication Manag… Quick Setup Guide - FIDO
Don't see what you're looking for?
