000013370 - Expired Log Collector certificate in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000013370
Applies ToRSA Security Analytics
RSA Security Analytics 10.3
RSA Security Analytics Log Collector
IssueExpired Log Collector certificate in RSA Security Analytics.

The Log Collector has a warning message in the /var/log/messages file on the appliance similar to the following:



logcollector nw[11902]: [MessageBroker] [warning] warning 2014-03-04T11.36.43Z Certificate at "/etc/netwitness/ng/rabbitmq/ssl/keys/cacert.pem" will expire on 2014:03:15T11:36:43 (in 11 days, 0 hours, 0 minutes, and 0 seconds)#012



 

The Log Decoder is suddenly reporting SSL errors on its queue with errors similar to the following:



Jul 31 21:58:51 nwdec02 nw[1978]: [BufferedChannel] [failure] An error occurred publishing to an AMQP channel: Error in opening SSL/TLS connection for socket
Jul 31 21:58:51 nwdec02 nw[1978]: [AMQPClientBase] [failure] An error occurred creating an AMQP channel: Error in opening SSL/TLS connection for socket


ResolutionPlease contact RSA Customer Support, and reference this article ID for assistance with the actions required.
Legacy Article IDa67296

Attachments

    Outcomes