Solved

RSA : Self Signed SSL Server Certificate expired

Posted on 2014-02-14
Last Modified: 2014-02-28
Hi Experts,

I looked around in the RSA Operations Console and found that an SSL certificate expired two weeks ago. The RSA service is still running, but I can't find that expired certificate, either on the RSA hosting server (2003 R2 x86) or on the DC (SBS 2011), to renew it. I used the certutil command and looked in the Certification Authority of SBS 2011. The SBS 2011 server has a GoDaddy certificate which includes the SERVER1.dmn.local name. Could I bind this one to RSA? If so, how do I have to proceed, please?

Certificate: server1
Certificate Basics  
 Certificate Name:    server1
 Notes:    server1
 
Certificate Details  
 Version:    3
 Serial Number:    45***********************75
 Signature Algorithm:    SHA1withRSA
 Issuer:    CN=dmn-SERVER1-CA
 Valid From:    Jan 25, 2013 1:12:56 PM CET
 Valid To:    Jan 25, 2014 1:12:56 PM CET
 Subject:    CN=SERVER1.dmn.local
 Public Key:    Sun RSA public key, 2048 bits modulus:  ************************************************************************************************************************************************

If RSA still works well, what is this certificate for?


Thank you in advance for your help, best regards,


PS: By the way, if someone knows a good and crystal clear explicit course about certificates on Windows Server...
Question by:jet-info
2 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 39860947
Look within the service/computer stores. The certificate may have been used initially as a test while the real/functional certificate was being acquired.

Based on the information, it is not a self-signed certificate. The certificate was issued by an internal CA (Issuer: dmn-SERVER1-CA). Check your CA and see what the purpose of this certificate is.

Self-signed means that NO CA was involved, e.g. an IIS self-signed certificate.
0
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 39860960
You should probably first check pages 172 to 177 to see if that helps. There is a long-life SSL cert signed by the internal RSA CA, unique to each deployment. Also note the specifics on pg 173 on the use of a 3rd-party cert, the requirement for importing the cert, and the replacement of the expired cert.

http://www.emc.com/collateral/15-min-guide/h12276-am8-administrators-guide.pdf

I suspect there are a couple of certs, and we need to activate the SSL cert in the server so that it is the actual one running live. The replacement of the active console cert has to be done before it expires; otherwise, once the console cert has expired, you (rightfully) should not be able to start the Auth server after it is stopped. There is an RSA tool described in the PDF to help perform the manual replacement and restart the service again.

Best to have support confirm if not sure, since this is specific to the RSA product.

Question has a verified solution.
