Skip to content
  • There are no suggestions because the search field is empty.

How to handle when UI in RSA NetWitness Platform cannot access as the Certificates already expired

Issue

NetWitness UI cannot access as the Certificates have expired. You can check from the following command whether Certificates has expired or not. 

# openssl x509 -enddate -noout -in /etc/pki/nw/service/rsa-nw-security-server-cert.pem

Resolution

If the Certificates have already expired, we have the only option to backup/re-image/restore the Admin Server and then reorchestrate from node-x to node-0. 

In this case for the backup/restore, We cannot use NRT Tool as it will be restored old certs. Here is the only possibility to backup from the old Admin Server and restore it to the new re-imaged Admin Server for Reporting engine/ESA rules and templates/Context Hub/Dashboard and Dashlets manually or using mongoexport and mongoimport.

The detailed steps are mentioned below:

------------------------------------------------------------------
Backup and Restore ESA rules and templates:
------------------------------------------------------------------

From the old Admin Server, run the following mongo commands to get ESA rules and templates:
 
mongoexport --ssl --sslAllowInvalidHostnames -u deploy_admin -p '<deploy_admin password>' --authenticationDatabase admin --db sa --collection rule --out rule.json
mongoexport --ssl --sslAllowInvalidHostnames -u deploy_admin -p '<deploy_admin password>' --authenticationDatabase admin --db sa --collection ruleTemplate --out ruleTemplate.json

Move the exported json files from the old Admin Server to the new Admin Server (for e.g. under /root) and then import using the following commands:
 
mongoimport -u deploy_admin --db sa --collection rule --authenticationDatabase admin -p '<deploy_admin password>' --file /root/rule.json --type JSON
mongoimport -u deploy_admin --db sa --collection ruleTemplate --authenticationDatabase admin -p '<deploy_admin password>' --file /root/ruleTemplate.json --type JSON

------------------------------------------------------------------
Backup and Restore of Reporting engine:
------------------------------------------------------------------

From the old Admin Server, run the following commands to get the reporting engine folder as a backup:

1. Stop reporting engine
systemctl stop rsasoc_re

2. Take back up of reporting-engine directory
mv /var/lib/netwitness/re-server/rsa/soc/reporting-engine /var/lib/netwitness/re-server/rsa/soc/reporting-engine-old
Copy the entire "reporting engine" folder in some backup location.

Login to the new re-imaged Admin Server and run the below commands:

1. Stop reporting engine. Stop reporting engine
systemctl stop rsasoc_re

2. Move backup reporting engine directory under soc directory in the new Admin Server    
cp <PATH OF THE BACKUP of reporting engine folder> /var/lib/netwitness/re-server/rsa/soc/

3. Change ownership to rsasoc   
cd /var/lib/netwitness/re-server/rsa/soc/   
chown -R rsasoc:rsasoc reporting-engine/ 

4. Start the reporting engine service   
systemctl start rsasoc_re

-----------------------------------------------------------------------
Backup and Restore of dashboard and Dashlets:
------------------------------------------------------------------------

From the old Admin Server, run the following mongo commands to get dashlets and dashboards:

mongoexport --ssl --sslAllowInvalidHostnames -u deploy_admin -p '<deploy_admin password>' --authenticationDatabase admin --db sa --collection dashlet --out olddashlet.json
mongoexport --ssl --sslAllowInvalidHostnames -u deploy_admin -p '<deploy_admin password>'--authenticationDatabase admin --db sa --collection olddashboard --out olddashboard.json

Backup the default dashboards and dashlets on the new admin node from mongo

mongoexport --ssl --sslAllowInvalidHostnames -u deploy_admin -p '<deploy_admin password>' --authenticationDatabase admin --db sa --collection dashlet --out newdashlet.json
mongoexport --ssl --sslAllowInvalidHostnames -u deploy_admin -p '<deploy_admin password>'--authenticationDatabase admin --db sa --collection dashboard --out newdashboard.json

Perform the following after logging into mongo on the new admin node

db.dashboard.remove({})
db.dashlet.remove({})

Move the exported json files from the old Admin Server to the new Admin Server (for e.g. under /root) and then import using the following commands

mongoimport -u deploy_admin --db sa --collection dashlet --authenticationDatabase admin -p '<deploy_admin password>' --file /root/olddashlet.json --type JSON
mongoimport -u deploy_admin --db sa --collection dashboard --authenticationDatabase admin -p '<deploy_admin password>' --file /root/olddashboard.json --type JSON

NOTE: Please do not run mongoimport twice otherwise file will override and you will loose data. It has to run only one time.

---------------------------------------------------------------
Back up and restore of Context hub
---------------------------------------------------------------

Run below export command on old Admin Server

mongoexport --ssl --sslAllowInvalidHostnames -u deploy_admin -p '<deploy_admin password>' --authenticationDatabase admin --db contexthub-server --collection ds_meta --out ds_meta.json

Move the exported json files from the old Admin Server to the new Admin Server (for e.g. under /root) and then import using the following commands

mongoimport -u deploy_admin --db contexthub-server --collection ds_meta --authenticationDatabase admin -p '<deploy_admin password>' --file /root/ds_meta.json --type JSON

After importing mongo json, restart contexthub-server by running the below command

systemctl status rsa-nw-contexthub-server

Once the restart is done, context-hub enrichments on ESA needs to be re-created.

---------------------------------------------------------------
Re-orchestration from node-x to node-0
---------------------------------------------------------------
You can follow the steps on this article:  How to migrate an existing core appliance to a new nw-node-zero in RSA NetWitness Platform 11.x


Product Details

RSA Product Set: NetWitness Platform
RSA Product/Service Type: NetWitness Server
RSA Version/Condition: 11.x

Approval Reviewer Queue

RSA NetWitness Suite Approval Queue