Article Number
000002060
Applies To
RSA Product Set: NetWitness Platform
RSA Product/Service Type: RSA NetWitness Platform
RSA Version/Condition: 11.6.x
Platform: CentOS
O/S Version: 7
Issue
Upgrade failed when custom certificates are added to truststore.pem
Cause
The upgrade fails when a custom certificate is added to truststore.pem and shows the following symptoms:
1. When an upgrade is attempted for a node x (Host) or node 0 (Admin node) with custom certificates placed at the beginning of /etc/pki/nw/trust/truststore.pem, the chef run fails with the following error in /var/netwitness/config-management/chef-solo.log:
FATAL: No valid NW hosts data was available, aborting
2. The upgrade fails with the following errors when you run orchestration-cli-client --list-hosts:
ERROR 31131 --- [ main] c.r.client.impl.SocketFrameHandler: TLS connection failed: Certificate signature validation failed
ERROR 31131 --- [ main] c.r.n.i.o.c.OrchestrationApplication: Application startup failed
Resolution
1. Log in to the host.
2. Stop rabbitmq-server using the following command:
systemctl stop rabbitmq-server
3. Back up /etc/pki/nw/trust/truststore.pem using the following command:
cp /etc/pki/nw/trust/truststore.pem /root/
4. Run the following command to prepend the correct CA (certificate authority) certificate to the truststore:
cat /etc/pki/nw/ca/nwca-cert.pem | cat - /etc/pki/nw/trust/truststore.pem > /tmp/out && mv -f /tmp/out /etc/pki/nw/trust/truststore.pem
5. Verify that orchestration-cli-client --list-hosts is now running successfully on the host.
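The following check is an added example, not part of the original article or an RSA tool: it reports where the CA certificate sits inside a PEM truststore, so the ordering problem described under Cause can be confirmed before the fix and position 1 confirmed after step 4. The function names and the sample files are hypothetical and constructed for illustration, and the example assumes the CA certificate was already present in the truststore after the custom certificate.

```shell
#!/bin/sh
# Added example: locate the NetWitness CA certificate inside a PEM truststore.

# Print the base64 body of the Nth certificate block ($2, 1-based) in file $1.
pem_cert_body() {
    awk -v want="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; inside = 1; next }
        /-----END CERTIFICATE-----/   { inside = 0; next }
        inside && n == want           { gsub(/[ \t\r]/, ""); printf "%s", $0 }
    ' "$1"
}

# Print how many certificate blocks file $1 contains.
pem_cert_count() {
    awk '/-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"
}

# Print the 1-based position of CA cert $2 within truststore $1 (0 = absent).
ca_position() {
    ca_body=$(pem_cert_body "$2" 1)
    total=$(pem_cert_count "$1")
    i=1
    while [ -n "$ca_body" ] && [ "$i" -le "$total" ]; do
        if [ "$(pem_cert_body "$1" "$i")" = "$ca_body" ]; then
            echo "$i"
            return 0
        fi
        i=$((i + 1))
    done
    echo 0
}

# Constructed sample files in directory $1: placeholder bodies, not real certs.
make_samples() {
    b='-----BEGIN CERTIFICATE-----'; e='-----END CERTIFICATE-----'
    printf '%s\n' "$b" 'Q09OU1RSVUNURUQtTlctQ0E=' "$e" > "$1/nwca-cert.pem"
    printf '%s\n' "$b" 'Q09OU1RSVUNURUQtQ1VTVE9N' "$e" > "$1/custom.pem"
    # Failing layout from the Cause section: custom certificate first.
    cat "$1/custom.pem" "$1/nwca-cert.pem" > "$1/truststore-bad.pem"
    # Layout after step 4: CA certificate prepended to the old truststore.
    cat "$1/nwca-cert.pem" "$1/truststore-bad.pem" > "$1/truststore-fixed.pem"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
echo "before fix: CA at position $(ca_position "$demo_dir/truststore-bad.pem" "$demo_dir/nwca-cert.pem")"
echo "after fix:  CA at position $(ca_position "$demo_dir/truststore-fixed.pem" "$demo_dir/nwca-cert.pem")"
rm -rf "$demo_dir"
```

On a host, `ca_position /etc/pki/nw/trust/truststore.pem /etc/pki/nw/ca/nwca-cert.pem` should print 1 once step 4 has been applied.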