Security Certificate Issued Was Not From A Trusted Certificate Authority

Since we migrated to the new RSA SecurID Appliances 3.0, we always get a Security Alert notification that the security certificate was not from a trusted Certificate Authority when logging on to the RSA Security Console.

 

To remove this alert, the following steps need to be carried out to save the RSA Self-Signed Root certificate on the RSA Authentication Manager’s admin console:

1.    Log on to the RSA Security Console via URL: https://<FQDN>:7004/console-ims
 

2.    Since this certificate is not trusted by the browser, a Security Alert warning is displayed. In Windows Internet Explorer, click Continue to this website (not recommended).

3.    Next, a red Address Bar and a certificate warning appears.
 

4.    Click the Certificate error button to open the information window
 

 

5.    Click View Certificates to continue. The web certificate is presented to you. Click on the top tab labelled Certification Path.

  

6.    Double click on the untrusted certificate "RSA Authentication Manager Root CA" and click Install Certificate... 

 

7.    The Certificate Import Wizard appears. Click Next to continue.

 

8.    Choose "Automatically select the certificate store based on the type of certificate" and click Next to continue.   

 

9.    Click Finish and follows by Yes to import the certificate when a warning message appears. Click OK to continue.

 

10.  Continue to click OK through the screens to get back to the main window.

 

These steps must be performed with Internet Explorer on any machine that will browser to the Authentication Manager Consoles.

Removing User's Permissions From Shared Folders

Due to change of job role, a user no longer has the needs to access a specific shared folder.  When we try to remove the permissions she has to the shared folder from the Security tab, the below message appears:

You cannot remove KANDTI\finmgr1 because this object is inheriting permissions from its parent. To remove KANDTI\finmgr1, you must prevent this object from inheriting permissions. Turn off the option for inheriting permissions, and then try removing KANDTI\finmgr1 again.

To remove the permissions which currently KANDTI\finmgr1 has to the shared folder without affecting the rest of the permissions for other users, the following steps were carried out:

1.     Log on to the Windows Server 2012 File Server which is running on Server Core.

2.     Open up the Task Manager by issuing the below command at the command prompt:

C:\taskmgr

3.     Click File > Run new task and click on the Browse… button.  The Windows Explorer will then appear.

4.     On the appeared Windows Explorer, locate the shared folder which we need to remove the user’s permissions.

5.     Right-click on the shared folder and from the context menu, click Properties.

6.     On the Properties box, click on the Security tab and click Advanced button.

7.     On the Advanced Security Settings box, make sure that Permissions tab is selected and click Disable Inheritance button to disable inheritance.

8.     On the Block Inheritance box, select Convert inherited permissions into explicit permissions on this object option to release all inherited permissions while copying the permissions on to the object.

9.     In order to force NTFS permissions of the current object onto the child objects, check Replace all child object permissions with inheritance permissions from those objects checkbox.

10.   Click Ok button to save the changes.

11.   Proceed to remove the user’s permission to the shared folder.