Solved

RSA : Self Signed SSL Server Certificate expired

Posted on 2014-02-14
Last Modified: 2014-02-28
Hi Experts,

I looked around in the RSA Operations Console and found that an SSL certificate expired two weeks ago. The RSA service is still running, but I can't find that expired certificate either on the RSA hosting server (2003 R2 x86) or on the DC (SBS 2011) to renew it. I used the certutil command and looked in the Certification Authority of SBS 2011. The SBS 2011 server has a GoDaddy certificate which includes the SERVER1.dmn.local name. Could I bind this one to RSA? If so, how do I have to proceed, please?

Certificate: server1
Certificate Basics  
 Certificate Name:    server1
 Notes:    server1
 
Certificate Details  
 Version:    3
 Serial Number:    45***********************75
 Signature Algorithm:    SHA1withRSA
 Issuer:    CN=dmn-SERVER1-CA
 Valid From:    Jan 25, 2013 1:12:56 PM CET
 Valid To:    Jan 25, 2014 1:12:56 PM CET
 Subject:    CN=SERVER1.dmn.local
 Public Key:    Sun RSA public key, 2048 bits modulus:  ************************************************************************************************************************************************

If RSA still works well, what is this certificate for?


Thank you in advance for your help, best regards,


PS: By the way, if someone knows a good, crystal-clear, explicit course about certificates on Windows Server...
Question by:jet-info

Expert Comment

by:arnold
ID: 39860947
Look within the service/computer stores. The certificate may have been used initially as a test while the real/functional certificate was being acquired.

Based on the information, it is not a self-signed CA. The certificate was issued by an internal CA (Issuer: dmn-SERVER1-CA). Check your CA and see what the purpose of this certificate is.

Self-signed means that NO CA was involved, e.g. an IIS self-signed certificate.

Accepted Solution

by: btan (earned 500 total points)
ID: 39860960
Probably you should first catch pages 172 to 177 to see if it helps. There is a long-life SSL cert signed by the internal RSA CA, unique to each deployment. Also note the specifics on pg 173 on the use of a 3rd-party cert, the requirement for importing the cert, and the replacement of the expired cert.

http://www.emc.com/collateral/15-min-guide/h12276-am8-administrators-guide.pdf

I suspect there are a couple of certs and we need to activate the SSL cert in the server so that it is the actual one running live. The replacement of the active console cert has to be done before it expires; otherwise, once the console cert has expired, you (rightfully) should not be able to start the Auth server after it is stopped. There is an RSA tool described in the PDF to help perform the manual replacement and restart the service again.

Best to have support confirm if not sure, since this is specific to the RSA product.
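
The two checks raised in the comments above (issuer versus subject, and whether the validity window has closed or is about to), applied to the certificate fields quoted in the question. This is an added example, not part of the original thread or of RSA's tooling; the function names, the time-zone table and the 30-day warning threshold are assumptions.

```python
from datetime import datetime, timedelta, timezone

TZ_OFFSETS = {"UTC": 0, "GMT": 0, "CET": 1, "CEST": 2}  # hours; assumed table

# Constructed sample: the four relevant fields as quoted in the question.
SAMPLE = """\
Issuer:    CN=dmn-SERVER1-CA
Valid From:    Jan 25, 2013 1:12:56 PM CET
Valid To:    Jan 25, 2014 1:12:56 PM CET
Subject:    CN=SERVER1.dmn.local
"""

def parse_fields(text):
    """Turn 'Name:   value' lines into a dict, skipping lines with no value."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and value.strip():
            fields[name.strip()] = value.strip()
    return fields

def parse_console_time(value):
    """Parse e.g. 'Jan 25, 2014 1:12:56 PM CET' into an aware UTC datetime."""
    stamp, _, zone = value.rpartition(" ")
    if zone not in TZ_OFFSETS:
        raise ValueError(f"unknown time zone abbreviation: {zone!r}")
    local = datetime.strptime(stamp, "%b %d, %Y %I:%M:%S %p")  # English months
    tz = timezone(timedelta(hours=TZ_OFFSETS[zone]))
    return local.replace(tzinfo=tz).astimezone(timezone.utc)

def normalize_dn(dn):
    """Compare DNs ignoring case and spacing around the commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def assess(text, now, warn_days=30):
    """Return (issuance, status, days) for the certificate as of aware `now`."""
    f = parse_fields(text)
    # A name match only shows the cert is self-issued; proving it self-signed
    # also needs the signature verified against the cert's own public key.
    same = normalize_dn(f["Issuer"]) == normalize_dn(f["Subject"])
    issuance = "self-issued" if same else "ca-issued"
    not_after = parse_console_time(f["Valid To"])
    if now < parse_console_time(f["Valid From"]):
        return issuance, "not-yet-valid", 0
    if now >= not_after:
        return issuance, "expired", (now - not_after).days
    left = (not_after - now).days
    return issuance, "expiring-soon" if left <= warn_days else "valid", left
```

Calling `assess(SAMPLE, datetime.now(timezone.utc))` reports the quoted certificate as CA-issued and expired; run against an inventory of such field dumps, the `expiring-soon` status gives the lead time needed to replace a certificate before it lapses.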