How to replace the RSA Authentication Manager self signed console certificate with a signed certificate from Microsoft Active Directory Certificate Authority
Originally Published: 2017-03-15
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
Resolution
- From the Operations Console select Deployment Configuration > Console Certificate Management.
- Click Generate CSR.
- Under Certificate Basics, fill in the certificate information.
- Click Generate File.
- Download the CSR then open it with a text editor and copy the file content.
- On the Active Directory CA server, go to https://localhost/certsrv or https://<Active Directory_CA_FQDN>/certsrv:
- Click the link to submit an advanced certificate request.
- Click the option to submit a certificate request using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
- Under Saved Request paste the CSR file content into the box labeled Base-64-encoded certificate request (CMC or PKCS #10 or PKCS #7).
- For Certificate Template make sure to select Web Server.
- Click Submit.
- Click Download Certificate Chain.
- From the Operations Console select Deployment Configuration > Console Certificate Management.
- Select PKCS#7 (.cer or .p7b) for the Type of Certificate to import.
- Choose Import Certificate.
- Click Activate.
- Review the certificate details to ensure this is the certificate you wish to activate.
- Place a check in the Activate Certificate Confirmation box.
- Click Activate Certificate.
- After selecting Activate Certificate, the Authentication Manager services will be restarted automatically.
