RSA SecurID Access Identity Router publish and access issues after importing certificates
Originally Published: 2020-02-19
Article Number
Applies To
RSA Product/Service Type: Identity Router
Issue
- Attempting to publishing configuration changes will fail after uploading application portal SSL certificates to the Cloud Admin Console with the following error:
Unsuccessful publish to the identity routers, successful publish to the cloud authentication services
- The Identity Router Management Portal is no longer accessible.
Cause
2020-02-18/15:41:58.359/UTC [PublishThread-348207] ERROR com.symplified.service.shared.manager.ServiceManagerImpl[296] - Reload of updateConfigService failed, reverting...
com.symplified.service.shared.StateChangeException: Unable to load configuration for service: keystoreService
at com.symplified.service.shared.AbstractStatefulService.refresh(AbstractStatefulService.java:137)
at com.symplified.service.shared.manager.ServiceManagerImpl.refreshWithDependencies(ServiceManagerImpl.java:571)
at com.symplified.service.shared.manager.ServiceManagerImpl.reload(ServiceManagerImpl.java:293)
at com.symplified.service.shared.manager.ServiceManagerImpl.reload(ServiceManagerImpl.java:270)
at com.symplified.service.appliance.core.ApplianceServiceImpl$PushThread.run(ApplianceServiceImpl.java:833)
Caused by: java.security.cert.CertificateException: Could not generate certificate:
at com.rsa.cryptoj.c.oz.engineGenerateCertificates(Unknown Source)
at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:462)
at com.symplified.adapter.api.util.EncryptionUtils.getCertsFromNonHexEncodedX509FileString(EncryptionUtils.java:241)
at com.symplified.service.appliance.keystore.KeystoreService.getCertificatesAndKeyFromCustomer(KeystoreService.java:281)
at com.symplified.service.appliance.keystore.KeystoreService.loadConfig(KeystoreService.java:84)
at com.symplified.service.shared.AbstractStatefulService.refresh(AbstractStatefulService.java:135)
... 4 more
2020-02-18/15:41:58.364/UTC [PublishThread-348207] INFO com.symplified.service.appliance.sts.SecurityTokenService[375] - Resuming securityTokenService...
2020-02-18/15:41:58.483/UTC [PublishThread-348207] ERROR com.symplified.service.appliance.core.ApplianceServiceImpl[869] - Publish failed
com.symplified.service.shared.manager.ServiceManagerException: Reload of updateConfigService failed, revert successful
at com.symplified.service.shared.manager.ServiceManagerImpl.reload(ServiceManagerImpl.java:310)
at com.symplified.service.shared.manager.ServiceManagerImpl.reload(ServiceManagerImpl.java:270)
at com.symplified.service.appliance.core.ApplianceServiceImpl$PushThread.run(ApplianceServiceImpl.java:833)
Caused by: com.symplified.service.shared.StateChangeException: Unable to load configuration for service: keystoreService
at com.symplified.service.shared.AbstractStatefulService.refresh(AbstractStatefulService.java:137)
at com.symplified.service.shared.manager.ServiceManagerImpl.refreshWithDependencies(ServiceManagerImpl.java:571)
at com.symplified.service.shared.manager.ServiceManagerImpl.reload(ServiceManagerImpl.java:293)
... 2 moreResolution
- Follow the certificate requirements in Certificate Bundle for RSA SecurID Access Application Portal.
- If using a CA-provided PFX file, use the commands below to extract the private key, SSL public certificate, and certificate chain:
openssl pkcs12 -in Certificate.pfx -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > Private.key
openssl pkcs12 -in Certificate.pfx -clcerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > SSL.cer
openssl pkcs12 -in Certificate.pfx -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > CAchain.cer
Import the extracted certificates from the commands above as described in Step 3 of Configure Company Information and Certificates and publish the changes.
Related Articles
RSA Access Manager Sun Java Server Web Server Agent upgrade is failing when running configure-sjsw7.sh script Number of Views How to create / recreate a cluster in EA environment Number of Views How to export RADIUS server certificate on authentication manager 8 Number of Views Password Available External email incorrectly defaults to localhost for hostname in RSA Identity Governance & Lifecycle Number of Views Error message of passwd had "2" usages of 0, but expected 1, when installing RSA Identity Governance & Lifecycle Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.9 Release Notes (January 2026) An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
