000032030 - RabbitMQ has a corrupted truststore after a SecOps integration with RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000032030
Applies ToRSA Product Set: Security Analytics, Security Operations Management (SecOps)

RSA Version/Condition: 10.5.x, 10.4.x

Platform: CentOS

Platform (Other): RabbitMQ

O/S Version: EL6
IssueThe RabbitMQ service is showing the following error in /var/log/messages:
Nov 27 15:57:59 RSA-VLC nw[1807]: [BufferedChannel] [failure] An error occurred publishing to an AMQP channel: Error in setting CA certificate for socket

CauseThis issue occurs because the RabbitMQ truststore.pem file was corrupted due to a SecOps integration and must be replaced with a previous,working version.
ResolutionTo resolve the issue, follow the steps below.
  1. SSH to the SA server as the root user.
  2. Change directory to /etc/puppet/modules/rabbitmq/files
  3. Backup current truststore.pem file:
    cp truststore.pem truststore.pem.old

  4. Replace the current truststore.pem with a good one.
  5. SSH to each appliance
  6. Change directory to /etc/rabbitmq/ssl
  7. Backup the current truststore.pem:
    mv truststore.pem truststore.pem.old

  8. Run puppet agent -t on every appliance
  9. Restart the rabbitmq service:
    service rabbitmq-server restart

If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.