PAM RSA - [E] error SignatureVerifier.cpp 249 The certificate verification failed

Article ID: 141414

Products

CA Privileged Access Manager (PAM)
CA Privileged Access Manager - Cloakware Password Authority (PA)
PAM SAFENET LUNA HSM
CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

The RSA server was upgraded to 8.4 and RSA authentication now fails. aceclnt.log reports "[E] error SignatureVerifier.cpp 249 The certificate verification failed".

Cause

There are 2 known issues relating to this error.

1. The RSA server has the wrong certificate (a server certificate instead of the root CA certificate, or a completely wrong certificate).

https://community.rsa.com/docs/DOC-59195

2. The RSA root CA certificate is SHA1 (follow the steps outlined in the following KB to migrate to SHA2).

https://community.rsa.com/docs/DOC-76797

According to RSA support, SHA1 certificates would be migrated to SHA2 certificates when upgrading to RSA 8.2.

If for some reason the certificates remain SHA1, the signature verification fails.
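
To tell which of the two causes applies, the certificate's signature hash, CA flag and issuer can be checked. The script below is an added example, not part of the original article or of RSA or PAM tooling. It assumes the certificate has been exported to a PEM file and that the openssl CLI is installed; the function names and sample text are constructed for illustration.

```shell
#!/bin/sh
# Classify the text form of a certificate (output of
# `openssl x509 -noout -text`) read from stdin.
# Prints OK, UNPARSED, or a space-separated list of findings:
#   SHA1_SIGNED      signature hash is SHA1 (cause 2 in the article)
#   NOT_A_CA         no CA:TRUE basic constraint (cause 1: server certificate)
#   NOT_SELF_SIGNED  issuer differs from subject, so not a root (cause 1)
classify_cert_text() {
    awk '
        # The first "Signature Algorithm:" line names the signing hash
        /Signature Algorithm:/ && !alg { alg = tolower($NF) }
        /^ *Issuer:/  { sub(/^ *Issuer: */, "");  issuer = $0 }
        /^ *Subject:/ { sub(/^ *Subject: */, ""); subject = $0 }
        /CA:TRUE/     { ca = 1 }
        END {
            if (!alg) { print "UNPARSED"; exit }
            r = ""
            if (alg ~ /sha1/)       r = r " SHA1_SIGNED"
            if (!ca)                r = r " NOT_A_CA"
            if (issuer != subject)  r = r " NOT_SELF_SIGNED"
            if (r == "")            r = " OK"
            print substr(r, 2)
        }'
}

# Wrapper for a real PEM file, e.g. check_cert_file /path/to/exported-root.pem
# (the path is a placeholder; the article does not name one).
check_cert_file() {
    openssl x509 -in "$1" -noout -text | classify_cert_text
}

# Constructed excerpts of `openssl x509 -noout -text` output (not real certificates).
SAMPLE_SHA1_ROOT='    Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = Example RSA Root CA
        Subject: CN = Example RSA Root CA
                CA:TRUE'
SAMPLE_SERVER_CERT='    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = Example RSA Root CA
        Subject: CN = am-server.example.test
                CA:FALSE'
SAMPLE_SHA2_ROOT='    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = Example RSA Root CA
        Subject: CN = Example RSA Root CA
                CA:TRUE'

for sample in "$SAMPLE_SHA1_ROOT" "$SAMPLE_SERVER_CERT" "$SAMPLE_SHA2_ROOT"; do
    printf '%s\n' "$sample" | classify_cert_text
done
```

A result of OK means neither of the two causes listed above is visible in that certificate.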

Environment

Release: 3.2

Component: PRIVILEGED ACCESS MANAGEMENT

Resolution

Resolve the RSA certificate issue by following the KB (https://community.rsa.com/docs/DOC-76797).

Then generate a new sdconf.rec from RSA and upload it to the PAM server.

Click the "Clear NodeSecret" button in the PAM GUI so that the new sdconf.rec is deployed.