Procedure to replace the expired SSL certificate in Risk Authentication

Symantec Risk Authentication 9.1.x

Use these steps to identify Risk Authentication (RA) instances using an expired SSL certificate, switch them to TCP transport, and then reapply a new SSL certificate.

Step 1: Identify RA instances using the expired SSL certificate

Run this query (replace <RA_HOST_NAME> with the actual RA host name):

Step 2: Set Protocol Mode to TCP for those instances

Run this update (replace <RA_HOST_NAME> with the actual RA host name):

Step 3: Restart Risk Authentication services

Restart the Risk Authentication services on the affected RA instances.

Step 4: Save connectivity configuration in Admin Console

1. Open Admin Console → Global Admin → Risk Authentication Connectivity.
2. Set Transport to TCP in:
   • Risk Authentication Server Management Connectivity
   • Risk Authentication Administration Connectivity
3. Save the configuration.

Step 5: Refresh the cache

From the Admin Console, refresh the cache.

Step 6: Update RA instances with the new SSL certificate

After the cache refresh, the RA instances and protocols will be listed. Use that view to update the instances with the new SSL certificate.

Note: Replace every occurrence of <RA_HOST_NAME> with the real RA host name before running the SQL in Steps 1 and 2.