000029391 - Jetty Server always reverts back to default jetty-ssl.xml configuration after replacing the certificate in RSA Security Analytics 10.4.0.2

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000029391
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics UI
RSA Version/Condition: 10.4.0.2
Platform: CentOS
O/S Version: EL6
 
IssueAfter changing the jetty-ssl.xml file to replace the self-signed certificate, the jetty-ssl.xml file always reverts back to the previous xml configuration.
CauseAs documented in the knowledgebase article entitled Custom SSL certificate on web interface is removed after upgrading to RSA Security Analytics 10.4.0.2, in order to resolve some FIPS-related issues within Security Analytics, version 10.4.0.2 includes a Puppet module that changes the Jetty 9 web server keystore path from /opt/rsa/jetty9/etc/keystore to /opt/rsa/carlos/keystore, which is the default puppet keystore.
This forces the Puppet CA certificate to be used for the user interface.
ResolutionIn order to resolve the issue, follow the instructions in the knowledgebase article entitled How to Install a Public CA Certificate on RSA Security Analytics 10.4.0.2, paying particular attention to page 5 as it will be necessary to edit the puppet recipe for the jetty-ssl.xml file.
If a backup was created of the jetty-ssl.xml file prior to upgrading to version 10.4.0.2, the procedure in the article entitled Custom SSL certificate on web interface is removed after upgrading to RSA Security Analytics 10.4.0.2 may be followed to more quickly apply the changes.

Attachments

    Outcomes