RSA SecurID Access Identity Router publish and access issues after importing certificates
Originally Published: 2020-02-19
Article Number
Applies To
RSA Product/Service Type: Identity Router
Issue
- Attempting to publish configuration changes fails after uploading application portal SSL certificates to the Cloud Admin Console, with the following error:
Unsuccessful publish to the identity routers, successful publish to the cloud authentication services
- The Identity Router Management Portal is no longer accessible.
Cause
2020-02-18/15:41:58.359/UTC [PublishThread-348207] ERROR com.symplified.service.shared.manager.ServiceManagerImpl[296] - Reload of updateConfigService failed, reverting...
com.symplified.service.shared.StateChangeException: Unable to load configuration for service: keystoreService
at com.symplified.service.shared.AbstractStatefulService.refresh(AbstractStatefulService.java:137)
at com.symplified.service.shared.manager.ServiceManagerImpl.refreshWithDependencies(ServiceManagerImpl.java:571)
at com.symplified.service.shared.manager.ServiceManagerImpl.reload(ServiceManagerImpl.java:293)
at com.symplified.service.shared.manager.ServiceManagerImpl.reload(ServiceManagerImpl.java:270)
at com.symplified.service.appliance.core.ApplianceServiceImpl$PushThread.run(ApplianceServiceImpl.java:833)
Caused by: java.security.cert.CertificateException: Could not generate certificate:
at com.rsa.cryptoj.c.oz.engineGenerateCertificates(Unknown Source)
at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:462)
at com.symplified.adapter.api.util.EncryptionUtils.getCertsFromNonHexEncodedX509FileString(EncryptionUtils.java:241)
at com.symplified.service.appliance.keystore.KeystoreService.getCertificatesAndKeyFromCustomer(KeystoreService.java:281)
at com.symplified.service.appliance.keystore.KeystoreService.loadConfig(KeystoreService.java:84)
at com.symplified.service.shared.AbstractStatefulService.refresh(AbstractStatefulService.java:135)
... 4 more
2020-02-18/15:41:58.364/UTC [PublishThread-348207] INFO com.symplified.service.appliance.sts.SecurityTokenService[375] - Resuming securityTokenService...
2020-02-18/15:41:58.483/UTC [PublishThread-348207] ERROR com.symplified.service.appliance.core.ApplianceServiceImpl[869] - Publish failed
com.symplified.service.shared.manager.ServiceManagerException: Reload of updateConfigService failed, revert successful
at com.symplified.service.shared.manager.ServiceManagerImpl.reload(ServiceManagerImpl.java:310)
at com.symplified.service.shared.manager.ServiceManagerImpl.reload(ServiceManagerImpl.java:270)
at com.symplified.service.appliance.core.ApplianceServiceImpl$PushThread.run(ApplianceServiceImpl.java:833)
Caused by: com.symplified.service.shared.StateChangeException: Unable to load configuration for service: keystoreService
at com.symplified.service.shared.AbstractStatefulService.refresh(AbstractStatefulService.java:137)
at com.symplified.service.shared.manager.ServiceManagerImpl.refreshWithDependencies(ServiceManagerImpl.java:571)
at com.symplified.service.shared.manager.ServiceManagerImpl.reload(ServiceManagerImpl.java:293)
... 2 more
Resolution
- Follow the certificate requirements in Certificate Bundle for RSA SecurID Access Application Portal.
- If using a CA-provided PFX file, use the commands below to extract the private key, SSL public certificate, and certificate chain:
openssl pkcs12 -in Certificate.pfx -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > Private.key
openssl pkcs12 -in Certificate.pfx -clcerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > SSL.cer
openssl pkcs12 -in Certificate.pfx -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > CAchain.cer
Import the extracted certificates from the commands above as described in Step 3 of Configure Company Information and Certificates and publish the changes.
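A pre-upload check for the three files produced by the commands above, as an added example that is not part of the original article or of RSA's tooling. It confirms that each file contains only complete PEM blocks (the `sed` filters exist to drop the extra text that `openssl pkcs12` prints around them) and that the private key matches the SSL certificate; the function names are hypothetical, and the file names are those used in the article.

```shell
#!/bin/sh
# Added example: pre-upload checks for Private.key, SSL.cer and CAchain.cer.
# Function names are hypothetical; file names follow the article's commands.
# Usage: check_bundle Private.key SSL.cer CAchain.cer

# pem_only FILE LABEL
# Succeeds only if FILE holds one or more complete PEM blocks of type LABEL
# and nothing else (no "Bag Attributes", subject= or issuer= lines).
pem_only() {
    awk -v label="$2" '
        BEGIN { b = "-----BEGIN " label "-----"; e = "-----END " label "-----" }
        $0 == b    { if (inblk) bad = 1; inblk = 1; n++; next }
        $0 == e    { if (!inblk) bad = 1; inblk = 0; next }
        inblk      { if ($0 !~ "^[A-Za-z0-9+/=]+$") bad = 1; next }
        /^[ \t]*$/ { next }            # blank lines between blocks are fine
                   { bad = 1 }         # any other text outside a block
        END { exit (bad || inblk || n == 0) }
    ' "$1"
}

# key_matches_cert KEY CERT
# Compares the public key derived from the private key with the public key
# embedded in the certificate; they must be identical.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# check_bundle KEY CERT CHAIN
# Runs every check and reports the first failure on stderr.
check_bundle() {
    pem_only "$1" "PRIVATE KEY" || { echo "$1: not a clean PRIVATE KEY PEM file" >&2; return 1; }
    pem_only "$2" "CERTIFICATE" || { echo "$2: not a clean CERTIFICATE PEM file" >&2; return 1; }
    pem_only "$3" "CERTIFICATE" || { echo "$3: not a clean CERTIFICATE PEM file" >&2; return 1; }
    key_matches_cert "$1" "$2"  || { echo "$1 does not match $2" >&2; return 1; }
    echo "bundle OK"
}
```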