RSA : Self Signed SSL Server Certificate expired

Hi Experts,

I looked around in the RSA Operations Console and found that a SSL Certificate was expired from two weeks. The RSA service is still running but I can't find that expired certificate nor on the RSA hosting Server (2003 R2 x86) nor on the DC (SBS 2011) to renew it. I used the certutil command and looked up in the Certification Authority of SBS 2011. The SBS 2011 Server has a GoDaddy certificate which include SERVER1.dmn.local name. Could I bind this one to RSA ? If so, how do I have to proceed please ?

Certificate: server1
       Help on this pageTopics... Skip Topics...
SSL Certificates for Identity Sources
Add an Identity Source SSL Certificate
Edit Identity Source SSL Certificates
  View Certificate  

View the details of this SSL certificate.

   Required field  
Certificate Basics  
 Certificate Name: The certificate name must be a unique identifier from 1 to 255 characters.  server1
 Notes:  You may enter up to 255 characters of text. server1
Certificate Details  
 Version:    3
 Serial Number:    45***********************75
 Signature Algorithm:    SHA1withRSA
 Issuer:    CN=dmn-SERVER1-CA
 Valid From:    Jan 25, 2013 1:12:56 PM CET
 Valid To:    Jan 25, 2014 1:12:56 PM CET
 Subject:    CN=SERVER1.dmn.local
 Public Key:    Sun RSA public key, 2048 bits modulus:  ************************************************************************************************************************************************

If RSA still works well, what is this certificate for ?

Thank you in advance for your help, best regards,

PS : By the way, if someone know a good and crystal clear explicit course about certificates on Windows Server...
Who is Participating?
btanConnect With a Mentor Exec ConsultantCommented:
Probably you should catch first the 172 to 177 to see if it helps. There is a long life SSL signed cert by internal RSA CA and unique in each deployment. Also note the specific in pg 173 on the use of 3rd party cert and the requirement for importing cert and the replacement of the expired cert.

I suspect there is couple of cert and we need to activate the SSL cert in the server so that it is the actual one running live. The replacement of the active console cert has to be done before it expired else when the console cert expired, you (rightfully) should not be able to start the Auth server after it is stopped. There is RSA tool in the pdf stated to help to perform manual replacement and restart service again.

Best to have support confirm if not sure since this is specific to RSA product
Look within the service/computer stores.  The certificate may have been used initially as test while the real/functional certificate was being acquired.

Based on the information it is not a self-signed CA.  The certificate was issued by an Internal CA (Issuer: dmn-SERVER1-CA). Check your CA and see what the purpose for this certificate.

self-signed means that NO CA was involved.
i.e. IIS self signed certificate as an example.
All Courses

From novice to tech pro — start learning today.