iptables are good and is 'not' set to DROP port 5555
Certificate is expired.
The log snipped below is from the biztier.log, located at /opt/rsa/am/server/logs/biztier.log
####<Jul 7, 2021 9:01:01,809 PM UTC> <Error> <Server> <rsaamdevwf1> <biztier> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <8bd24d2d-6160-478b-86c2-c756c2500eab-00000015> <1625778061809> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-002606> <The server is unable to create a server socket for listening on channel "AuthnServiceHttpsChannel". The address 0:0:0:0:0:0:0:1%lo might be incorrect or another process is using port 5555: java.io.IOException: Identity certificate has expired:
If you have recently updated the AM Primary console cert and facing this issue, REST has a cache of old console cert. To resolve the issue Flush the cache and later Reboot the Appliance
BiztierServerWrapper.log logs the following upon successful connection establishment.
18627:INFO | jvm 1 | main | 2021/07/08 10:19:22 | <Jul 8, 2021 11:15:19,297 AM EDT> <Notice> <Server> <BBEA-002606> <Channel "AuthnServiceHttpsChannel" is now listening on 192.168.20.152:5555 for protocols https.> where 192.168.20.152 is the IP address of RSA Authentication manager server