NetWitness - Removing Legacy Mongo Certificates
Issue
Certificate Expiry Warning Popup showing certificates with no host.

Resolution
You can use the attached script to remove the legacy certificates.
The script was written by Omar Imam from CS.
How to use the script:
1) Start by using the second option (Check salt connectivity) to test the connection between the Salt master (Admin server) and the rest of the hosts. If the connection errors are caused by stale Salt keys, use the next option.
2) If your environment has any stale Salt keys, the third option (Remove stale salt keys) will remove them from both Salt and RabbitMQ.
3) After making sure you have a successful connection to all hosts, you can run the fourth option (Remove legacy certificates).
4) The fourth option will first display the IDs that are going to be removed, back up the current certificate collection in (/root/certificate.
Notes
This script will automatically find and remove the legacy certificates on your system.
This is done by first collecting all the UUIDs of the hosts and services available in the environment.
Those UUIDs are collected from the Orchestration-Server database and from the Salt nodeinfo module.
Certificates in Mongo are saved with their (host/service) UUID as their primary key (except for salt-api).
We cross-check the UUIDs collected earlier against the IDs in Mongo to determine which ones to remove.
Orchestration Server contains all the hosts' UUIDs and all of the services' UUIDs except for (salt-api, NwAppliance and RabbitMQ).
We manually add the salt-api UUID as it's always the same.
NwAppliance and RabbitMQ UUIDs are collected from Salt nodeinfo output.
It's essential to have a working Salt connection with all the hosts in order to fetch those UUIDs.
Any stale host key in Salt will prevent the script from removing its related certificates, so it's advisable to remove those stale hosts first.
NOTE: The script should only be run on the Admin Server.
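The cross-check described in these notes, as an added dry-run sketch in Python that is not the attached script and touches neither Mongo nor Salt. The input shapes, the function names, the sample UUIDs and the salt-api placeholder are assumptions made for illustration; it shows why an unresponsive host must stop the run before anything is marked for removal.

```python
# Added illustration of the cross-check in the Notes; all IDs are constructed.
SALT_API_ID = "<salt-api-certificate-id>"  # placeholder: fixed value not given on the page


class SaltConnectivityError(RuntimeError):
    """A host returned no nodeinfo, so the set of known UUIDs is incomplete."""


def known_ids(orchestration_uuids, nodeinfo_by_host):
    """Union of Orchestration Server UUIDs, per-host nodeinfo UUIDs and salt-api.

    nodeinfo_by_host maps host name -> {service: uuid}, or None when the minion
    did not answer (hypothetical shape, not the real nodeinfo output).
    """
    silent = sorted(h for h, info in nodeinfo_by_host.items() if info is None)
    if silent:
        # The NwAppliance/RabbitMQ UUIDs of these hosts are unknown; continuing
        # would classify their valid certificates as legacy.
        raise SaltConnectivityError("no nodeinfo from: " + ", ".join(silent))
    ids = set(orchestration_uuids) | {SALT_API_ID}
    for info in nodeinfo_by_host.values():
        ids.update(info.values())
    return {i.lower() for i in ids}  # compare case-insensitively


def legacy_certificate_ids(mongo_cert_ids, orchestration_uuids, nodeinfo_by_host):
    """Dry run: certificate IDs in Mongo that match no known host or service."""
    keep = known_ids(orchestration_uuids, nodeinfo_by_host)
    return sorted(c for c in mongo_cert_ids if c.lower() not in keep)


# Constructed sample environment: one host, one service, one decommissioned host.
ORCH = ["11111111-aaaa-4aaa-8aaa-000000000001",
        "11111111-aaaa-4aaa-8aaa-000000000002"]
NODEINFO = {"admin-server": {"NwAppliance": "22222222-bbbb-4bbb-8bbb-000000000001",
                             "RabbitMQ": "22222222-bbbb-4bbb-8bbb-000000000002"}}
STALE = "99999999-cccc-4ccc-8ccc-00000000dead"
MONGO_IDS = ORCH + list(NODEINFO["admin-server"].values()) + [SALT_API_ID, STALE]

if __name__ == "__main__":
    print("would remove:", legacy_certificate_ids(MONGO_IDS, ORCH, NODEINFO))
    try:
        legacy_certificate_ids(MONGO_IDS, ORCH, {**NODEINFO, "decoder-1": None})
    except SaltConnectivityError as exc:
        print("aborted:", exc)
```

Passing an empty nodeinfo mapping instead of the real one shows the failure the connectivity check guards against: the NwAppliance and RabbitMQ certificates of a live host land in the removal list.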
Product Details
NetWitness Product Set: NetWitness Logs & Network
NetWitness Product/Service Type: NetWitness Platform
NetWitness Version/Condition: 11.x, 12.x
Platform: CentOS 7 / AlmaLinux 8.9