RSA NetWitness 11.x Certificate rescue failed for Respond Server
Issue
Certificate rescue failed for Respond server when Event Stream Analysis (ESA) is not available in NetWitness Platform.
Resolution
1. Back up the certreissue.rb file, then open it for editing using the following command:
vi /var/netwitness/config-management/cookbooks/launch/rsa-response/recipes/certreissue.rb
2. Comment out the following code:
service_name = node['rsa-response']['service_names'].first
component_name = node['rsa-response']['component_name']
#nw_pki_bootstrap_launch "reissue certs for #{service_name}" do
#service_name service_name
#component_name component_name
#pki_cert_namespace cookbook_name
#use_http false
#only_if { node['packages'][service_name] }
#end
:wq! [To save the file after making the changes.]
3. Type the following commands:
nw-rescue-cert exec-rescue-local -p <deployment_password>
nw-rescue-cert exec-rescue-remote -p <deployment_password>
Note: Make sure the cert rescue hotfix is installed on node-x. This applies only to version 11.5.
4. Reissue the certificate using the following command:
a. Restart the Respond Server service using the following command:
systemctl restart rsa-nw-respond-server
b. Reissue the certificate using the following command:
cert-reissue --host-all
c. (Optional) If step 2 fails, run the following command:
cert-reissue --host-all --skip-health-checks
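The backup and edit in steps 1 and 2 can be scripted so the change is identical on every host and safe to re-run. The following is an added example, not RSA's code: the function names and the .bak.<timestamp> suffix are assumptions, the demo runs on a constructed recipe, and it assumes the resource block contains no nested do/end.

```shell
#!/usr/bin/env bash
# Added example: scripted form of steps 1 and 2. Function names and the
# .bak.<timestamp> suffix are assumptions, not part of the product.
RECIPE=/var/netwitness/config-management/cookbooks/launch/rsa-response/recipes/certreissue.rb
BLOCK_START='^[[:space:]]*nw_pki_bootstrap_launch[[:space:]]'
BLOCK_END='^[[:space:]]*end[[:space:]]*$'

comment_pki_block() {
    recipe=${1:-$RECIPE}
    [ -f "$recipe" ] || { echo "recipe not found: $recipe" >&2; return 1; }
    # Safe to re-run: do nothing when no uncommented resource header remains.
    if ! grep -Eq "$BLOCK_START" "$recipe"; then
        echo "block already commented in $recipe"
        return 0
    fi
    # Step 1: timestamped backup that keeps mode and ownership.
    backup="$recipe.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$recipe" "$backup" || return 1
    # Step 2: prefix '#' on each line from the resource header to its 'end'.
    # Writing back into the existing file keeps its permissions unchanged.
    if ! sed -E "/$BLOCK_START/,/$BLOCK_END/ s/^/#/" "$backup" > "$recipe"; then
        cp -p "$backup" "$recipe"   # restore the original on failure
        return 1
    fi
    echo "backup: $backup"
}

# Offline dry run on a constructed recipe (not the shipped file).
demo_on_sample() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/certreissue.rb" <<'EOF'
service_name = node['rsa-response']['service_names'].first
component_name = node['rsa-response']['component_name']
nw_pki_bootstrap_launch "reissue certs for #{service_name}" do
  service_name service_name
  use_http false
  only_if { node['packages'][service_name] }
end
EOF
    comment_pki_block "$tmp/certreissue.rb" >/dev/null || return 1
    cat "$tmp/certreissue.rb"
    rm -rf "$tmp"
}
```

Compare the edited recipe against the backup with diff before running the nw-rescue-cert commands in step 3.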
Product Details
RSA Product Set: NetWitness Platform
RSA Product/Service Type: RSA NetWitness Platform
RSA Version/Condition: 11.5.x and later
Platform: CentOS
O/S Version: 7