000034042 - Jettysrv is unavailable after applying a .p12 for a PKI server certificate on Security Analytics

Document created by RSA Customer Support Employee on Sep 20, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000034042

Applies To
RSA Product Set: Security Analytics
RSA Product/Service Type: SA Security Analytics Server
RSA Version/Condition: 10.5.x, 10.6.0.x, 10.6.1.0
 
Issue
When applying a certificate:
1. Go to SA server Administration > Security
2. Click on the PKI Settings tab
3. Click the + under Server Certificates and add a web server certificate created as a .p12
4. Select the server certificate by checking the checkbox listed next to the .p12
5. Click on "Use as Server Certificate"
After these steps the Security Analytics web interface is no longer available and jettysrv does not start. The following error appears in /opt/rsa/jetty9/logs/stderrout.log:

java.io.FileNotFoundException: /opt/rsa/carlos/truststore-pki.p12 (No such file or directory)

Cause
Security Analytics expects the Trusted CA file(s) to be uploaded before a server certificate is applied. If the Trusted CA file(s) have not been uploaded, jettysrv looks for them at /opt/rsa/carlos/truststore-pki.p12 and fails because the file is not there.

Resolution
The issue is under review to be fixed in a future release of RSA Security Analytics.

Workaround
If you have not yet applied the server certificate for PKI authentication, first add the Trusted CA file(s) for the server certificate(s):
1. Go to SA server Administration > Security
2. Click on the PKI Settings tab
3. Click the + under Trusted CAs and add the trusted CA certificate file(s)

If you have already applied the server certificate for PKI authentication and jettysrv does not start:
1. SSH in to the Security Analytics server
2. Copy the Server Certificate to truststore-pki.p12 by running:
cp /opt/rsa/carlos/keystore-pki.p12 /opt/rsa/carlos/truststore-pki.p12

3. Restart jettysrv by running the following command:
restart jettysrv
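
To tell which branch of the workaround applies before touching the server, the check below inspects the two PKI files and the jetty log named in this article. It is an added example, not RSA code: the function name and status strings are hypothetical, and it assumes keystore-pki.p12 exists only once a server certificate has been applied.

```shell
#!/bin/sh
# Added example (not RSA code): diagnose the missing-truststore condition.
# Default paths are the ones quoted in the article; both can be overridden.

# diagnose_pki_truststore [carlos_dir] [jetty_log]
# Prints one status word and returns 0 when no repair is needed, 1 otherwise:
#   no-server-cert            keystore absent; upload Trusted CAs first
#   ok                        keystore and truststore both present
#   missing-truststore        keystore present, truststore absent
#   missing-truststore-logged same, and the jetty log shows the exception
diagnose_pki_truststore() {
    dpt_dir=${1:-/opt/rsa/carlos}
    dpt_log=${2:-/opt/rsa/jetty9/logs/stderrout.log}
    dpt_keystore="$dpt_dir/keystore-pki.p12"
    dpt_truststore="$dpt_dir/truststore-pki.p12"

    # Assumption: no keystore means no server certificate has been applied,
    # so the preventive branch of the workaround is still available.
    if [ ! -f "$dpt_keystore" ]; then
        echo "no-server-cert"
        return 0
    fi

    # Check the file before the log: stderrout.log keeps old exceptions
    # after the truststore has been put in place.
    if [ -s "$dpt_truststore" ]; then
        echo "ok"
        return 0
    fi

    # Keystore without truststore is the failure state described above.
    # The log line confirms jettysrv actually hit it on startup.
    if [ -r "$dpt_log" ] &&
       grep -F "java.io.FileNotFoundException" "$dpt_log" |
       grep -qF "truststore-pki.p12 (No such file or directory)"; then
        echo "missing-truststore-logged"
    else
        echo "missing-truststore"
    fi
    return 1
}
```

Calling `diagnose_pki_truststore` with no arguments on the Security Analytics server checks the default paths; a non-zero exit status means the recovery steps above are needed.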

 
