How to regenerate a missing sa-server .pem file on the Admin Server in RSA NetWitness Platform

Issue

Core services on the Admin Server cannot be started; startup fails with "error loading trusted certificate file", as shown when the appliance service is run in the console:
 
[root@NWADMIN ~]# /usr/sbin/NwAppliance
(i) 2020-Oct-02 04:10:39 [Engine] RSA NetWitness Service Copyright 2001-2020, RSA Security Inc. All Rights Reserved.
(i) 2020-Oct-02 04:10:39 [Engine] Running appliance in console
(d) 2020-Oct-02 04:10:39 [Engine] [appliance](7f0718320940): Entering ServiceBase::Initialize()
(d) 2020-Oct-02 04:10:39 [Engine] [appliance](7f0718320940): ServiceBase::SetStatus(Stopped, Start Pending)
(a) 2020-Oct-02 04:10:39 [Engine] RSA NetWitness Service, Appliance 11.5.0.1 (Sep 9 2020) 64 bit Starting
(F) 2020-Oct-02 04:10:39 [Engine] Failed to start engine because of exception: Throw in function X509* nw::{anonymous}::getX509FromPEM(const boost::filesystem::path&)
Dynamic exception type: boost::exception_detail::clone_impl<nw::Exception>
std::exception::what: error loading trusted certificate file
[nw::ssl_error_tag*] = error:0E06D06C:configuration file routines:NCONF_get_string:no value error:0E06D06C:configuration file routines:NCONF_get_string:no value error:0E06D06C:configuration file routines:NCONF_get_string:no value error:02001002:system library:fopen:No such file or directory error:2006D080:BIO routines:BIO_new_file:no such file
[boost::errinfo_at_line_*] = 45
[boost::errinfo_file_name_*] = /etc/netwitness/ng/appliance/trustpeers/84907caf.0
[boost::errinfo_api_function_*] = BIO_new_file

Cause

The trusted peer certificates of the NetWitness core services are soft links (symlinks) to the sa-server certificate. The services stopped because the SA server .pem file is missing.

Resolution

Run the following command on the Admin Server to regenerate the missing SA server certificate:

Syntax:
security-cli-client --get-certificates-for-service --service sa-server --output-dir /etc/pki/nw/peer/sa-server -u admin -k <password> -b 127.0.0.1

Example:
security-cli-client --get-certificates-for-service --service sa-server --output-dir /etc/pki/nw/peer/sa-server -u admin -k netwitness -b 127.0.0.1

Start the NetWitness core service and check the status after regenerating the certificate.
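
To confirm the cause before regenerating the certificate, and to verify the fix afterwards, the trust-peer directory can be checked for links whose target no longer exists. The function below is an added example, not part of the original article or RSA's tooling; its name is hypothetical, and its default directory is taken from the error output above.

```bash
#!/usr/bin/env bash
# Added example: list symlinks in a trust-peer directory whose target is missing.
# Usage: find_dangling_peers [directory]
# The default directory is the one named in the error message in this article;
# other core services keep their own trustpeers directories, so pass theirs as $1.
# Return codes: 0 = every link resolves, 1 = at least one dangling link,
#               2 = the directory does not exist.

find_dangling_peers() {
    _dir="${1:-/etc/netwitness/ng/appliance/trustpeers}"
    _rc=0
    [ -d "$_dir" ] || { echo "not a directory: $_dir" >&2; return 2; }
    for _link in "$_dir"/*; do
        # -L is true for a symlink; -e follows the link and fails if the
        # target is gone, which is the fopen "No such file" condition above.
        if [ -L "$_link" ] && [ ! -e "$_link" ]; then
            printf '%s -> %s\n' "$_link" "$(readlink "$_link")"
            _rc=1
        fi
    done
    return "$_rc"
}
```

Each output line shows a broken link and the path it points to; after the certificate is regenerated, the function should print nothing and return 0.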


Product Details

RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Services
RSA Version/Condition: 11.4.x, 11.5.x