Services failed to restart after upgrade to 8.8 while using custom signed certificates
Article Number
Applies To
Authentication Manager Version 8.8
Issue
Services failed to restart after upgrade to 8.8 while using custom signed certificates.
Logs show: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Netscape cert type does not permit use for SSL server
Example certificate:
Cause
Authentication Manager version 8.8 uses Java version 12. This error occurred because Java 12 no longer accepts the "Netscape cert type" extension.
Resolution
Use a certificate that doesn't use the netscape extension.
Workaround
Revert back to self signed certificate.
rsaadmin@am81p:~> cd /opt/rsa/am/utils rsaadmin@am81p:/opt/rsa/am/utils> ./rsautil reset-server-cert Please enter OC Administrator username: <enter Operations Console admin user name> Please enter OC Administrator password: <enter the password for the Operations Console user>
After the certificate is replaced, restart the Authentication Manager services:
rsaadmin@am81p:/opt/rsa/am/utils> cd ../server rsaadmin@am81p:/opt/rsa/am/server> ./rsaserv restart all
