NetWitness Community

jAMESHERBST · ‎2017-03-16

Good afternoon all,

I'm trying to restore my #custom certificates by restoring my backup copies of jetty-ssl.xml and my keystore which contains the certificates. I'm running into an issue with puppet overwriting my restored backups though. What step am I missing here?##

1) service puppetmaster stop

2) cp jetty-ssl.xml.custom /opt/rsa/jetty9/etc/jetty-ssl.xml

3) cp keystore_custom /opt/rsa/jetty9/etc/keystore

4) service puppetmaster start

5) puppet agent -t

- <Set name="KeyStorePath"><Property name="jetty.keystore" default="/opt/rsa/jetty9/etc/keystore"/></Set>
- <Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="OBF:custompassword"/></Set>
- <Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="OBF:custompassword"/></Set>
- <Set name="TrustStorePath"><Property name="jetty.truststore" default="/opt/rsa/jetty9/etc/keystore"/></Set>
- <Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="OBF:custompassword"/></Set>
+ <Set name="KeyStorePath"><Property name="jetty.keystore" default="/opt/rsa/carlos/keystore"/></Set>
+ <Set name="CertAlias"><Property name="jetty.keystore.alias" default="carlos"/></Set>
+ <Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="OBF:original_password"/></Set>
+ <Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="OBF:riginal_password"/></Set>
+ <Set name="TrustStorePath"><Property name="jetty.truststore" default="/opt/rsa/carlos/keystore"/></Set>
+ <Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="OBF:1riginal_password"/></Set>
<Set name="EndpointIdentificationAlgorithm"></Set>
<Set name="ExcludeProtocols">

jeffshurtliff · ‎2017-03-16

Hi James,

In version 10.4.0.2 and above the jetty-ssl.xml file was added to the puppet manifest, which means puppet will overwrite the /opt/rsa/jetty9/jetty-ssl.xml file with the /etc/puppet/modules/saserver/files/jetty-ssl.xml file on each puppet catalog run.

You'll want to take a look at Page 5 in the article entitled https://community.rsa.com/docs/DOC-41332 which explains how to handle this.

Thanks,
Jeff

View solution in original post

jeffshurtliff · ‎2017-03-16

Hi James,

In version 10.4.0.2 and above the jetty-ssl.xml file was added to the puppet manifest, which means puppet will overwrite the /opt/rsa/jetty9/jetty-ssl.xml file with the /etc/puppet/modules/saserver/files/jetty-ssl.xml file on each puppet catalog run.

You'll want to take a look at Page 5 in the article entitled https://community.rsa.com/docs/DOC-41332 which explains how to handle this.

Thanks,
Jeff

jAMESHERBST · ‎2017-03-16

Jeff,

Thanks for the quick reply and for pointing that out! I've used this guide several times and I can't believe I didn't remember seeing that. I even made a backup of the /files/ directory and didn't remember it. I will put my copy in the puppet modules path this time and run it again. I'll follow up on this thread shortly!

Regards,

James

jAMESHERBST · ‎2017-03-16

Jeff, that absolutely did the job. Thanks again!

Regards,

James

jeffshurtliff · ‎2017-03-16

Glad to hear it! Thanks for the update!

NetWitness Community

Restoring Jetty9 Keystore