000029763 - RSA NetWitness Endpoint RSA Live configuration error, Could not establish trust relationship for the SSL/TLS secure channel

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support on Dec 25, 2019
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000029763
Applies ToRSA Product Set: NetWitness Endpoint formerly ECAT
RSA Product/Service Type: NetWitness Endpoint
RSA Version/Condition: 4.4.x
Platform: Windows Server 2012
IssueIn the RSA NetWitness Endpoint UI, when trying to configure the RSA Live through the Monitoring and External Components returns the error: "Unknown error occurred Error = Could not establish trust relationship for the SSL/TLS secure channel".
User-added image
CauseThis is caused by the Endpoint SQL Server database having an incorrect MasterServerCertHash value in the ECAT$PRIMARY].[dbo].ApplicationSetup] table.
User-added image
  1. On the Endpoint Server navigate to the location where Endpoint Server software was installed, default directory C:\Program Files\RSA\ECAT\Server
  2. Open the ConsoleServer.Exe.Config file.
  3. Find the "LocalHttpsServerCertHash" line that appears like the below example

    <add key="LocalHttpsServerCert" value="EcatServerExported"/>
    <add key="LocalHttpsServerCertHash" value="B3E17A38985B46132335A13DC11F1758C9CD68A4"/>
    <add key="LocalHttpsClientCert" value="EcatClientExported"/>

  4. Copy the hash value and on the Endpoint SQL Server machine open the Microsoft SQL Server Management Studio program.
  5. Navigate to Databases > app, and open a "New Query".
  6. Run the following SQL query and confirm the MasterServerCertHash value doesn't match the value seen in the ConsoleServer.Exe.Config file.

    select MasterServerCertHash from [ECAT$PRIMARY].[dbo].ApplicationSetup

  7. After confirming the MasterServerCertHash value doesn't match then update the record with the SQL command

    update [ECAT$PRIMARY].[dbo].ApplicationSetup set [MasterServerCertHash]=0x{hex string from ConsoleServer.Exe.Config file}

    Substitute {hex string from ConsoleServer.Exe.Config file} with the correct value.

    For the above example hex string, the SQL will appear like,

    update [ECAT$PRIMARY].[dbo].ApplicationSetup set [MasterServerCertHash]=0xB3E17A38985B46132335A13DC11F1758C9CD68A4

    Repeat the SQL query in Step 5 to check the correct MasterServerCertHash value is now inserted.
  8. Validate that the RSA Live configuration can now be set in the Endpoint UI.