000030649 - "Header too long" error when running "puppet cert list" commands in RSA Security Analytics 10.4.x

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000030649
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics Server, Security Analytics UI
RSA Version/Condition: 10.4.x
Platform: CentOS
Platform (Other): Puppet
O/S Version: EL6
 
IssueWhen running the puppet cert list -all command on the Security Analytics Server, the error message "header too long" is returned.
[root@SA-SERVER ~]# puppet cert list -all                            
Error: header too long
[root@SA-SERVER ~]#

This issue could cause empty stats being shown in Administration -> Appliances as well as in Health & Wellness within the Security Analytics UI.
CauseThis issue generally occurs because there are empty or 0-byte .pem files in the /var/lib/puppet/ssl/ca/requests directory, as shown below.
[root@SA-SERVER ~]# ll /var/lib/puppet/ssl/ca/requests
total 0
-rw-r--r--. 1 root root 0 Jun 26 08:55 7cbe9348-4355-4c64-bf01-089e8111461f.pem
[root@SA-SERVER ~]#
WorkaroundIn order to resolve the issue, remove the 0-byte file(s) and run the puppet command again, as shown in the example below. 
[root@SA-SERVER ~]# ll /var/lib/puppet/ssl/ca/requests
total 0
-rw-r--r--. 1 root root 0 Jun 26 08:55 7cbe9348-4355-4c64-bf01-089e8111461f.pem
[root@SA-SERVER ~]# puppet cert list -all
Error: header too long
[root@SA-SERVER ~]# rm -f /var/lib/puppet/ssl/ca/requests/7cbe9348-4355-4c64-bf01-089e8111461f.pem
[root@SA-SERVER ~]# puppet cert list -all                         
+ "05ee0a32-12a8-4f41-9f7b-bf844c117a2d" (SHA256) 39:55:4D:B3:86:A1:CF:EE:CD:67:4B:51:02:9C:A5:6D:38:0D:AC:07:40:10:72:5E:C6:42:4E:19:F8:10:36:69
+ "20a45bc3-83b5-4b14-8982-fd0d57f8170a" (SHA256) 73:DC:F5:FA:AF:3E:6C:4F:66:66:85:01:C3:CB:74:01:22:7D:C2:4C:C8:92:2F:1C:82:AA:AF:70:3D:A8:1D:B9
+ "3b7e3562-d805-4aee-b04a-9906df9fd27a" (SHA256) BF:45:0E:98:EE:32:3F:18:F8:43:D5:BB:56:B7:E8:4A:F5:CC:F5:B1:0D:8F:2B:D3:8B:79:6A:93:29:B8:9E:75
[root@SA-SERVER ~]#

 
NotesIt may be necessary to restart the following services if the issue of empty stats is being observed:
  • puppetmaster --> service puppetmaster stop/start
  • puppet --> service puppet stop/start
  • rabbitmq-server --> service rabbitmq-server stop/start
  • collectd --> service collectd stop/start
  • mcollective --> service mcollective stop/start

Attachments

    Outcomes