Solved

RSA : Self Signed SSL Server Certificate expired

Posted on 2014-02-14
Last Modified: 2014-02-28
Hi Experts,

I looked around in the RSA Operations Console and found that an SSL certificate expired two weeks ago. The RSA service is still running, but I can't find that expired certificate either on the server hosting RSA (2003 R2 x86) or on the DC (SBS 2011) to renew it. I used the certutil command and looked in the Certification Authority of SBS 2011. The SBS 2011 server has a GoDaddy certificate which includes the SERVER1.dmn.local name. Could I bind this one to RSA? If so, how do I have to proceed, please?

Certificate: server1
Certificate Basics
 Certificate Name:    server1
 Notes:    server1

Certificate Details
 Version:    3
 Serial Number:    45***********************75
 Signature Algorithm:    SHA1withRSA
 Issuer:    CN=dmn-SERVER1-CA
 Valid From:    Jan 25, 2013 1:12:56 PM CET
 Valid To:    Jan 25, 2014 1:12:56 PM CET
 Subject:    CN=SERVER1.dmn.local
 Public Key:    Sun RSA public key, 2048 bits modulus:  ************************************************************************************************************************************************

If RSA still works well, what is this certificate for?


Thank you in advance for your help, best regards,


PS: By the way, if someone knows a good, crystal-clear course about certificates on Windows Server...
Question by:jet-info
2 Comments
 
Expert Comment

by: arnold
Look within the service/computer stores. The certificate may have been used initially as a test while the real/functional certificate was being acquired.

Based on the information, it is not a self-signed CA. The certificate was issued by an internal CA (Issuer: dmn-SERVER1-CA). Check your CA and see what the purpose of this certificate is.

Self-signed means that NO CA was involved,
e.g. an IIS self-signed certificate.

Accepted Solution

by: btan (earned 500 total points)
Probably you should first check pages 172 to 177 to see if it helps. There is a long-life SSL cert signed by the internal RSA CA and unique to each deployment. Also note the specifics on pg 173 on the use of a 3rd-party cert, the requirement for importing the cert, and the replacement of the expired cert.

http://www.emc.com/collateral/15-min-guide/h12276-am8-administrators-guide.pdf

I suspect there are a couple of certs and we need to activate the SSL cert in the server so that it is the actual one running live. The replacement of the active console cert has to be done before it expires; otherwise, once the console cert has expired, you (rightfully) should not be able to start the Auth server after it is stopped. There is an RSA tool described in the PDF to help perform a manual replacement and restart the service again.

Best to have support confirm if not sure, since this is specific to the RSA product.
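
The two checks discussed in this thread (issuer versus subject, as in the first comment, and the validity window), run over the fields from the question's certificate view. This is an added example, not part of the original thread or of any RSA tooling; the function names, the time zone table and the "as of" time (midnight UTC on the posting date) are assumptions.

```python
from datetime import datetime, timedelta, timezone

# UTC offsets for the zone abbreviations handled here (assumption: extend as needed).
TZ_OFFSETS = {"UTC": 0, "GMT": 0, "CET": 1, "CEST": 2}

# Fields copied from the certificate view in the question.
CONSOLE_VIEW = """\
 Issuer:    CN=dmn-SERVER1-CA
 Valid From:    Jan 25, 2013 1:12:56 PM CET
 Valid To:    Jan 25, 2014 1:12:56 PM CET
 Subject:    CN=SERVER1.dmn.local
"""

def parse_view(text):
    """Turn 'Label:   value' lines into a dict keyed by label."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")  # split at the first colon only
        if sep and value.strip():
            fields[label.strip()] = value.strip()
    return fields

def parse_time(value):
    """Parse 'Jan 25, 2014 1:12:56 PM CET' into an aware UTC datetime."""
    stamp, _, zone = value.rpartition(" ")
    if zone not in TZ_OFFSETS:
        raise ValueError("unknown time zone: " + zone)
    local = datetime.strptime(stamp, "%b %d, %Y %I:%M:%S %p")
    tz = timezone(timedelta(hours=TZ_OFFSETS[zone]))
    return local.replace(tzinfo=tz).astimezone(timezone.utc)

def normalize_dn(dn):
    """Lower-case a DN and drop spaces around the commas before comparing."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def assess(fields, now):
    """Report who issued the certificate and where 'now' falls in its validity."""
    not_before = parse_time(fields["Valid From"])
    not_after = parse_time(fields["Valid To"])
    # Name comparison only: a full check would also verify the signature
    # against the certificate's own public key.
    same_name = normalize_dn(fields["Issuer"]) == normalize_dn(fields["Subject"])
    if now < not_before:
        state = "not yet valid"
    else:
        state = "expired" if now > not_after else "valid"
    days = (now - not_after).days if state == "expired" else 0
    return {"issued_by": "self" if same_name else fields["Issuer"],
            "state": state, "days_past_expiry": days}

if __name__ == "__main__":
    print(assess(parse_view(CONSOLE_VIEW), datetime(2014, 2, 14, tzinfo=timezone.utc)))
```
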