2024-01-02 03:19 AM
Hello,
I received a critical notification indicating that some internal certificates used by NetWitness are going to expire after a few days.
To renew those certificates I followed the official documentation article (https://community.netwitness.com/t5/netwitness-platform-online/reissue-certificates/ta-p/669797)
After running the mentioned script on the Admin server, multiple errors appeared, and the whole platform went offline.
I'm able to log in to the platform but whenever I try to open any page I get this error:
After some investigation, I found out that something caused the script to break and it didn't complete the full job, and the old certificates used by the services were deleted and were not replaced, so I tried to manually provide the certificates for each service but this process is very complicated and will take a lot of time.
So I restored the old certificates hoping that I can at least operate the platform and try to reissue the certificates again.
But I'm still facing certificate-related error messages.
Here are some of the error messages:
/var/log/messages:
NgNativeReader_NwBroker-FastUpdate: nwsdk failure: NwOpen returned 0; code 0; error: Could not create trusted session: server could not validate and trust our certificate; thread 2366
Admin Server logs:
https-jsse-nio-7009-exec-5] WARN Security|Certificate for CN=netwitness-backend,OU=NetWitness,O=RSA,L=Reston,ST=VA,C=US issued by C=US, ST=VA, L=Reston, O=RSA, OU=NetWitness, CN=NetWitness Intermediate CA is not trusted
Also I cannot run "cert-reissue" because of the following error:
ERROR 98308 --- [ main] c.r.n.i.o.c.OrchestrationApplication : Application startup failed
Is there anything that can be done to restore the platform again?
Thanks in Advance.
2024-01-02 07:19 AM
Hello Yazan,
Kindly note that the process automatically backs up the certificates in /etc/pki/nw_installer.backup. You can use the contents of that directory to replace the contents in /etc/pki/nw/ if the old certificates have not expired yet.
It is preferable that you open a ticket with support; they will be able to join and help you reissue those certificates.
Thanks
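
The "if the old certificates have not expired yet" condition in the reply above can be checked before copying anything back. The script below is an added example, not part of the original reply and not NetWitness tooling; the function name check_cert_dir, the file extensions it looks for and the 30-day window are assumptions.

```shell
#!/bin/sh
# Added example (not NetWitness tooling): report the expiry state of every
# certificate under a directory, e.g. a backup, before restoring from it.
# Assumptions: PEM files named *.pem, *.crt or *.cer; 30-day default window.
# Exit status: 0 all valid, 1 some expire within the window, 2 some already
# expired, 3 nothing to check.
check_cert_dir() (
    dir=$1
    days=${2:-30}
    worst=0
    found=0
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; exit 3; }
    list=$(mktemp) || exit 3
    find "$dir" -type f \( -name '*.pem' -o -name '*.crt' -o -name '*.cer' \) > "$list"

    while IFS= read -r f; do
        # Skip private keys and anything else that is not an X.509 certificate.
        openssl x509 -in "$f" -noout 2>/dev/null || continue
        found=1
        subject=$(openssl x509 -in "$f" -noout -subject | sed 's/^subject= *//')
        end=$(openssl x509 -in "$f" -noout -enddate | cut -d= -f2)
        if ! openssl x509 -in "$f" -noout -checkend 0 >/dev/null; then
            state=EXPIRED
            worst=2
        elif ! openssl x509 -in "$f" -noout -checkend "$((days * 86400))" >/dev/null; then
            state=EXPIRING
            [ "$worst" -ge 1 ] || worst=1
        else
            state=OK
        fi
        printf '%-8s %s (%s, notAfter %s)\n' "$state" "$f" "$subject" "$end"
    done < "$list"
    rm -f "$list"

    [ "$found" -eq 1 ] || { echo "no certificates found in $dir" >&2; exit 3; }
    exit "$worst"
)

# Usage (path taken from the reply above):
#   check_cert_dir /etc/pki/nw_installer.backup 30
```
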
2024-01-02 07:26 AM
Hello Omar,
Actually, this is exactly what I've done. I've restored the contents of (nw_installer.backup) as you mentioned and I can see the old certificates.
But major errors still appear which prevent the platform from being started.
Regarding the support, there are some points that will take a long time before we can open a support ticket, and we need to solve this problem urgently.
2024-01-02 07:28 AM
Can you share the errors (or the whole log file) found in /var/log/netwitness/config-management/chef-solo.log? This should show us the errors that caused the re-issue process to fail.
2024-01-04 02:07 AM
Hello,
Here are the errors which appear when trying to execute 'cert-reissue' along with 'chef-solo.log' contents:
Thanks.
2024-01-04 08:17 AM
Here are the errors while executing 'chef-client', which I expect is being called by the 'cert-reissue' command:
Regards.
2024-01-08 03:57 AM
Can you try testing the deploy_admin password on all 4 services and make sure the account is not locked/expired?
You can use the below commands:
1) security-cli-client -p -u deploy_admin -k '<deploy-admin password>'
2) mongo admin -u deploy_admin -p <deploy_admin pw>
3) rabbitmqctl authenticate_user deploy_admin <deploy_admin pw>
4) security-cli-client --get-config-prop --prop-hierarchy nw.security-client --prop-name platform.deployment.password
Note: if the certificates are expired, some of those commands will time out.
You can also check the below article to unlock the user:
This issue seems complex enough that I recommend you reach out to support for a quicker/better resolution:
2024-06-19 05:50 AM
Has your issue been solved? I encountered the same problem.