000034042 - Jettysrv is unavailable after applying a .p12 for a PKI server certificate on Security Analytics

Document created by RSA Customer Support Employee on Sep 20, 2016Last modified by RSA Customer Support on May 13, 2019
Version 3Show Document
  • Comment0
  • View in full screen mode

Article Content

Article Number000034042
Applies ToRSA Product Set: RSA NetWitness Logs & Network
RSA Product/Service Type: NW Server
RSA Version/Condition: 10.5.x, 10.6.0.x, 10.6.1.x, 10.6.2.0
 
IssueWhen applying a certificate:
  1. Go to SA server Administration > Security
  2. Click on the PKI Settings tab
  3. Click the + under Server Certificates and add a web server certificate created as a .p12
  4. Select the server certificate by checking the checkbox listed next to the .p12
  5. Click on "Use as Server Certificate"

The Security Analytics web interface will no longer be available, jettysrv will not start and you will see in 
/opt/rsa/jetty9/logs/stderrout.log:
 

java.io.FileNotFoundException: /opt/rsa/carlos/truststore-
pki.p12 (No such file or directory)
CauseNW Server expects that the Trusted CA file(s) be uploaded before applying a Server certificate. If the Trusted CA file(s) have not been uploaded, jettysrv will be looking for the Trusted CA file(s) at /opt/rsa/carlos/truststore-pki.p12.
ResolutionThe issue is fixed in version 10.6.2.1
WorkaroundIf you have not applied the server certificate for PKI authentication then, before doing so add the Trusted CA file(s) for the server certificate(s):
  1. Go to SA server Administration > Security
  2. Click on the PKI Settings tab
  3. Click the + under Trusted CAs and add the CA trusted CA certificate file(s)

If you have already applied the server certificate for PKI authentifcation and jettysrv does not start:
  1. SSH into the Security Analytics server
  2. Copy the Server Certificate to truststore-pki.p12 by running:

    cp /opt/rsa/carlos/keystore-pki.p12 /opt/rsa/carlos/trustore-pki.p12

  3. Restart jettysrv by running the following command:

    restart jettysrv


     

Attachments

    Outcomes