Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000034042 - Jettysrv is unavailable after applying a .p12 for a PKI server certificate on Security Analytics

Document created by RSA Customer Support

on Sep 20, 2016•Last modified by RSA Customer Support on May 13, 2019

Version 3Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000034042
Applies To	RSA Product Set: RSA NetWitness Logs & Network RSA Product/Service Type: NW Server RSA Version/Condition: 10.5.x, 10.6.0.x, 10.6.1.x, 10.6.2.0
Issue	When applying a certificate: Go to SA server Administration > Security Click on the PKI Settings tab Click the + under Server Certificates and add a web server certificate created as a .p12 Select the server certificate by checking the checkbox listed next to the .p12 Click on "Use as Server Certificate" The Security Analytics web interface will no longer be available, jettysrv will not start and you will see in /opt/rsa/jetty9/logs/stderrout.log: java.io.FileNotFoundException: /opt/rsa/carlos/truststore- pki.p12 (No such file or directory)
Cause	NW Server expects that the Trusted CA file(s) be uploaded before applying a Server certificate. If the Trusted CA file(s) have not been uploaded, jettysrv will be looking for the Trusted CA file(s) at /opt/rsa/carlos/truststore-pki.p12.
Resolution	The issue is fixed in version 10.6.2.1
Workaround	If you have not applied the server certificate for PKI authentication then, before doing so add the Trusted CA file(s) for the server certificate(s): Go to SA server Administration > Security Click on the PKI Settings tab Click the + under Trusted CAs and add the CA trusted CA certificate file(s) If you have already applied the server certificate for PKI authentifcation and jettysrv does not start: SSH into the Security Analytics server Copy the Server Certificate to truststore-pki.p12 by running: cp /opt/rsa/carlos/keystore-pki.p12 /opt/rsa/carlos/trustore-pki.p12 Restart jettysrv by running the following command: restart jettysrv

Attachments

Outcomes

0 Comments

Recommended Content