Does not affect systems installed at DLP 9.5 or later
DLP Network (does not affect DLP Datacenter or Endpoint)
NW devices appear offline on Enterprise Manager user interface
Unable to communicate with NW devices
Cannot push Policy Updates to NW Devices
Cannot add additional NW devices
NW Events still reported on EM
If the Certificate on your DLP Network Controller has expired, all Network appliances will appear down, yet Events will continue to appear in the Enterprise Manager.
System will also be unable to add additional NW devices or push Configuration changes or Policy Updates to NW Devices
Here are the steps to renew this certificate.
Step 1:
If DLP 9.5 or greater DO NOT USE THIS PROCEDURE,
Go to the RSA DLP 9.5 Maintenance Guide: https://knowledge.rsasecurity.com/docs/rsa_edp/dlp_95/RSA%20DLP%209.5%20Maintenance%20Guide.pdf
Then use the procedure listed on page 76 of the RSA DLP 9.5 Maintenance Guide
If DLP 9.0, skip to Step 2
If DLP 8.x continue.
Make a back up copy of the original file initssl.sh which is located at /opt/tablus/bin/initssl.sh
Copy the 9.0 initssl.sh script to /opt/tablus/bin directory on the Network Controller
The 9.0 script is uploaded to the sftp site:
https://sftp.rsa.com/human.aspx?Username=support&password=Password1&arg01=857699950&arg12=downloaddirect&transaction=signon&quiet=true
Step 2: Confirm time sync
Check the time on the Enterprise Manager host
Check the time on the Network Controller host
Confirm that these times are in sync
Step 3: Renew the certificate
Log into the DLP Network Controller as the Tablus user.
From the Tabmenu
Stop the DLP Network Controller services
Exit to shell
Navigate to directory: /home/tablus
Run the command: /opt/tablus/bin/initssl.sh
If the command fails see note below on file owner / permissions
Step 4: Verify
Run the command below to confirm that the certificate has been updated.
Navigate to the directory: /usr/java/default/bin/
Run the command:
./keytool -list -v -keystore /opt/tablus/config/keystore -storepass tablus -alias jetty
Note: there are dashes in the command above that may not be displayed properly by some versions of Internet Explorer
Step 5:
Type tabmenu
Restart services on Network Controller
Log on to the Enterprise Manager host
Confirm that Network appliances all appear up in the EM user interface
If the script initssl.sh fails to run you may need to change the file owner and/or permissions
File owner should be tablus
File owner requires execute permissions
chown tablus:tablus initssl.sh
chmod +x initssl.sh
If the script fails with a message 'bad interpreter', the file may have been converted to Windows format before being loaded on the Network Controller.
In this case you will need to change the file type back to linux by issuing the following command:
dos2unix initssl.sh
Related Articles
Unable to renew certificate from web enrollment server Number of Views Unable to renew system SSL certificates on Registration Manager 6.6.1 Number of Views Unable to renew certificate after clicking on a link to auto-renew-certificate.xuda page in email notification Number of Views DLP How to renew Enterprise Manager self signed certifcate Number of Views How to renew SSL server certificates with RSA Certificate Manager Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) How to install the jTDS JDBC driver on WildFly for use with Data Collections in RSA Identity Governance & Lifecycle RSA Authentication Manager 8.8 Setup and Configuration Guide Artifacts to gather in RSA Identity Governance & Lifecycle
