Customers on version 10.6.x or earlier of the RSA NetWitness Platform may have internal platform-issued security certificates that are about to expire or are already expired.
Troubleshooting
- Issue: The following error is displayed on the NetWitness Platform UI while running the certificate renewal script.
ssh: Could not resolve hostname: Name or service not known
exiting; no certificate found and waitforcert is disabled
- In NetWitness Platform, go to Admin > Hosts.
- In Hosts view, select the host and click Enable.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
- Issue: The following error is displayed on the NetWitness Platform UI.
Enable Failed: Please click to retry.
- Click the retry button to reattempt the enablement process.
- If unsuccessful, contact RSA NetWitness Support for further assistance.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
- Issue: Certificate is not renewed for the host.
- Workaround:
- SSH to the specific host. Run the puppet agent to check for any error in the host:
# puppet agent -t
- If an error is found, fix the error and run the 10-6-cert-renewal.sh script again.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
- Issue: Certificate is not renewed for the WLC host.
- Cause: Reviewing the log may show errors if a WLC is unreachable, or if the IP address, username, or password is incorrect. The script ignores systems that are not WLCs.
- Workaround:
- In the wlc-systems file, remove all the entries and add ONLY the details of the WLC hosts whose certificates are not renewed.
- Renew the certificates. For more information, see the section above, "Renew certificates that have expired or have not yet expired for Windows Legacy Collector (WLC) hosts".
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
- Issue: The Windows Legacy Collector is showing a shovel error (red circle) on a Log Collector under the Remote Collectors Tab.
- Workaround:
Follow the steps below:
- In NetWitness Platform, go to Config > Remote Collectors on any Log Collectors that are pulling from the affected WLC. Select the LC/VLC service to check the state of the shovel.