These specific instructions are for Chrome. If you cannot use Chrome in your environment search the internet for export root certificate from <browser vendor name>. Other browser types use similar steps.

The images below show the steps for obtaining the Cloud Authentication Service root certificate.

• For an RSA Authentication Manager root certificate, browse to https://<Authentication Manager server fully qualified domain name>/sc.
• For an Identity Router root certificate, browse to https://<IDR Management IP>/setup.jsp.
• For the Cloud Authentication Service root certificate, browse to any valid Administration Console URL, such as https://<company subdomain>-<baseAccessDNSName>.securid.com.

Refer to the following table for baseAccessDNSName.

1. Browse to your RSA Authentication Manager Security Console, to the Identity Router setup.jsp page, or to the Cloud Administration Console, as appropriate.
2. Click the lock icon in the browser address bar:

3.  Click Certificate:

4. Click the Certification Path tab.
5. Double-click the top-level (root) certificate in the list.

6. Click the Details tab.
7. Click Copy to File...

8. Click Next.

9. Choose Base-64 encoded X.509 output format.
10. Click Next.

11. Specify the filename for the export.
12. Click Next.

13. Click Finish.

14. The certificate should now be available in the specified file.

Note that for certain versions of Authentication Manager and associated agents (e.g., MFA agents like the MFA Agent 9.0 for PAM, etc.) that a SHA256 certificate is required.