
12.4 - Hotfix for Intermittent Service Communication Issues - SafeLogic SSL patch

Issue

Some core services show as offline in the GUI after upgrading to 12.4.0, although the services are running without issue on the CLI. The Investigate UI sometimes shows "is this a NextGen device?", and investigations cannot be run.


Tasks

  1. Download and install the hotfix from this KB
  2. Follow the instructions below. The salt commands end with >> to write their output to a file; if this KB doesn't fix your issue, please include these .out files when opening a NetWitness Support case.

Resolution

  1. Save the RPM to the Admin Server under /root/, using SCP or other means available to your environment.
  2. SSH to the Admin Server
  3. Copy the RPM from /root/ to /var/netwitness/common/repo:
    # cp /root/safelogic-openssl-3.0.13b-1.el8.x86_64.rpm /var/netwitness/common/repo/.
  4. Use the salt cmd.run to check the currently installed version of the SafeLogic RPM:
    # salt '*' cmd.run "openssl3 version" >> safelogic_prehotfix.out
  5. Use the salt cmd.run to copy the RPM from the Admin Server to all the hosts:
    # salt "*" cmd.run "wget --no-check-certificate https://nw-node-zero/nwrpmrepo/safelogic-openssl-3.0.13b-1.el8.x86_64.rpm" >> safelogic_download.out
  6. Use the salt cmd.run to uninstall the old version of the SafeLogic RPM. IGNORE WARNING - "warning: file /usr/local/bin/openssl: remove failed: No such file or directory"
    # salt '*' cmd.run "rpm -e safelogic-openssl-3.0.12d-1.el8.x86_64 --nodeps" >> safelogic_removal.out
  7. Use the salt cmd.run to install the new RPM on all hosts:
    # salt '*' cmd.run "rpm -Uvh safelogic-openssl-3.0.13b-1.el8.x86_64.rpm" >> safelogic_install.out
  8. Use the salt cmd.run to verify the OpenSSL3 version is OpenSSL 3.0.13+SL_CCS-2.1.2+b 30 May 2024:
    # salt '*' cmd.run "openssl3 version" >> safelogic_version.out
  9. Once everything shows OpenSSL 3.0.13+SL_CCS-2.1.2+b 30 May 2024 from the openssl3 version command, reboot the devices or restart core services on all devices.

Notes

If your output file for Step 7 has lines such as:
error: open of <!DOCTYPE failed: No such file or directory
error: open of html> failed: No such file or directory
error: open of <html> failed: No such file or directory
error: open of <head> failed: No such file or directory
error: open of <link failed: No such file or directory
then the wget command ran and reported success, but the download was blocked in some way and the saved file is an HTML page rather than the RPM.

If that happens, and/or if the output of Step 8 does not show a May 2024 date, the RPM will need to be copied manually to the hosts and the commands run locally:
  1. Copy the RPM from the Admin Server to the Host:
    # scp /root/safelogic-openssl-3.0.13b-1.el8.x86_64.rpm root@<IP>:/root/
  2. SSH to the Host and uninstall the RPM:
    # rpm -e safelogic-openssl --nodeps
  3. Install the new RPM:
    # rpm -Uvh safelogic-openssl-3.0.13b-1.el8.x86_64.rpm
  4. Verify the OpenSSL3 version has a May 2024 build date:
    # openssl3 version
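
To see which hosts need the manual steps, the Step 7 and Step 8 output files can be checked per host. The script below is an added example, not part of the original KB or any NetWitness tooling. It assumes salt's default output layout (minion ID followed by a colon, command output indented beneath it); the host names and sample output are constructed.

```bash
#!/bin/bash
# Added example. Assumes salt's default output layout: "minion-id:" at
# column 0, with the command output indented beneath it.
EXPECTED='OpenSSL 3.0.13+SL_CCS-2.1.2+b 30 May 2024'

# Hosts in the Step 8 file that do not report the expected build.
hosts_wrong_version() {
    awk -v want="$EXPECTED" '
        /^[^ \t].*:$/ { if (host != "" && !ok) print host
                        host = substr($0, 1, length($0) - 1); ok = 0; next }
        index($0, want) { ok = 1 }
        END { if (host != "" && !ok) print host }
    ' "$1"
}

# Hosts in the Step 7 file where rpm was handed an HTML page, not the RPM.
hosts_html_download() {
    awk '
        /^[^ \t].*:$/ { host = substr($0, 1, length($0) - 1); seen = 0; next }
        /error: open of .* failed: No such file or directory/ && !seen {
            print host; seen = 1 }
    ' "$1"
}

# Constructed sample output with hypothetical host names.
sample_dir=$(mktemp -d)
cat > "$sample_dir/safelogic_version.out" <<'EOF'
nw-admin:
    OpenSSL 3.0.13+SL_CCS-2.1.2+b 30 May 2024
nw-decoder:
    /bin/sh: openssl3: command not found
nw-broker:
    OpenSSL <older build string>
EOF
cat > "$sample_dir/safelogic_install.out" <<'EOF'
nw-admin:
    Updating / installing...
nw-decoder:
    error: open of <!DOCTYPE failed: No such file or directory
    error: open of html> failed: No such file or directory
nw-broker:
    Updating / installing...
EOF

echo "Not on expected build:"; hosts_wrong_version "$sample_dir/safelogic_version.out"
echo "Download returned HTML:"; hosts_html_download "$sample_dir/safelogic_install.out"
```

Because the KB commands append with >>, an .out file left over from an earlier attempt will list each host more than once; run the check against a file from a single run.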

Product Details

RSA Product Set: NetWitness Platform
RSA Product/Service Type: Security
RSA Version/Condition: 12.4.0
Platform: Alma Linux
O/S Version: EL8
