|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Security Analytics UI
RSA Version/Condition: 10.4.0.2
O/S Version: EL6
|Issue||After changing the jetty-ssl.xml file to replace the self-signed certificate, the jetty-ssl.xml file always reverts back to the previous xml configuration.|
|Cause||As documented in the knowledgebase article entitled Custom SSL certificate on web interface is removed after upgrading to RSA Security Analytics 10.4.0.2, in order to resolve some FIPS-related issues within Security Analytics, version 10.4.0.2 includes a Puppet module that changes the Jetty 9 web server keystore path from /opt/rsa/jetty9/etc/keystore to /opt/rsa/carlos/keystore, which is the default puppet keystore.|
This forces the Puppet CA certificate to be used for the user interface.
|Resolution||In order to resolve the issue, follow the instructions in the knowledgebase article entitled How to Install a Public CA Certificate on RSA Security Analytics 10.4.0.2, paying particular attention to page 5 as it will be necessary to edit the puppet recipe for the jetty-ssl.xml file.|
If a backup was created of the jetty-ssl.xml file prior to upgrading to version 10.4.0.2, the procedure in the article entitled Custom SSL certificate on web interface is removed after upgrading to RSA Security Analytics 10.4.0.2 may be followed to more quickly apply the changes.