During a NetWitness Platform upgrade, if an incorrect or corrupted node-cert.chain cert is used, communication between the Admin server and the Node-Xs breaks down.
The Certificate Chain Probe status fails and shows the message below:
One or more of the following certificates are messed up : node-cert.chain, node-cert.pem, ssca-cert.pem, nwca-cert.pem
The Admin server and the Node-X server will encounter a communication breakdown if the node-cert.chain file is inaccurate or corrupted, or if it does not contain node-cert.pem, ssca-cert.pem, and nwca-cert.pem.
1. The node-cert.chain file is a concatenation of the following files in the mentioned order: node-cert.pem, ssca-cert.pem and nwca-cert.pem.
2. Verify the certificates in the node-cert.chain file are in the same order as mentioned above and that the certificates are correct.
node-cert.chain path: /etc/pki/nw/node/node-cert.chain
cat /etc/pki/nw/node/node-cert.chain
3. The different certificates can be verified from the following files:
node-cert.pem file path: /etc/pki/nw/node/node-cert.pem
cat /etc/pki/nw/node/node-cert.pem
ssca-cert.pem file path: /etc/pki/nw/ca/ssca-cert.pem
cat /etc/pki/nw/ca/ssca-cert.pem
nwca-cert.pem file path: /etc/pki/nw/ca/nwca-cert.pem
cat /etc/pki/nw/ca/nwca-cert.pem
4. If any one of the three certs is incorrect within the node-cert.chain file, or the node-cert.chain file is corrupted in some way, follow either of the methods below to fix the issue.
Please find below two methods to correct the node-cert.chain file:
Method 1:
Manually edit the node-cert.chain file so that it matches the contents of node-cert.pem, ssca-cert.pem, and nwca-cert.pem certs in the order mentioned here.
Method 2 (Best Practice):
Perform the following commands as root to correct the node-cert.chain file or create a new file:
# cp /etc/pki/nw/node/node-cert.chain /root/node-cert.chain.bakup
# cat /etc/pki/nw/node/node-cert.pem /etc/pki/nw/ca/ssca-cert.pem /etc/pki/nw/ca/nwca-cert.pem > /etc/pki/nw/node/node-cert.chain
This makes a backup copy of the original node-cert.chain and then creates a new node-cert.chain file while pushing the contents of the three required pem files into it. This creates a new clean chain file.
After successfully running the commands, verify the node-cert.chain file to make sure that it matches the contents of node-cert.pem, ssca-cert.pem, and nwca-cert.pem files in the mentioned order.
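As an added example (not part of the original article or of NetWitness tooling), the shell function below performs the check described in steps 2 and 3 and after Method 2: it compares the certificates in the chain against the three source files, in order, ignoring whitespace and line-ending differences. The names check_chain and pem_blocks are hypothetical, and it assumes each source file holds a single certificate.

```shell
#!/bin/sh
# Added example: confirm node-cert.chain holds node-cert.pem, ssca-cert.pem and
# nwca-cert.pem, in that order. Function names are hypothetical.

# Print one line per certificate in a PEM file: the base64 body with all
# spaces, tabs and carriage returns removed.
pem_blocks() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
        /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# check_chain CHAIN NODE SSCA NWCA
# Returns 0 when the chain is exactly the given certificates in order,
# 1 on any mismatch (reported per position), 2 when a file is unreadable.
check_chain() {
    chain=$1; shift
    for f in "$chain" "$@"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    done
    actual=$(pem_blocks "$chain")
    expected=$(for f in "$@"; do pem_blocks "$f"; done)
    if [ "$actual" = "$expected" ]; then
        echo "OK: chain matches"
        return 0
    fi
    # Walk the expected order and report each position that differs.
    pos=0
    for f in "$@"; do
        pos=$((pos + 1))
        want=$(pem_blocks "$f")
        got=$(printf '%s\n' "$actual" | sed -n "${pos}p")
        [ "$want" = "$got" ] || echo "MISMATCH at position $pos: expected $f"
    done
    n=$(printf '%s\n' "$actual" | awk 'NF { c++ } END { print c + 0 }')
    [ "$n" -eq "$#" ] || echo "chain holds $n certificate(s), expected $#"
    return 1
}

# Usage with the paths from this article:
# check_chain /etc/pki/nw/node/node-cert.chain /etc/pki/nw/node/node-cert.pem \
#     /etc/pki/nw/ca/ssca-cert.pem /etc/pki/nw/ca/nwca-cert.pem
```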