This article details a workaround for distributing and applying the internal certificates on each node of the ArcSight Platform cluster using SSH key pairs.
ArcSight Transformation Hub
Versions 23.1.x and earlier of an ArcSight Platform Suite cluster.
The binary "renewCert" fails to distribute and apply new internal certificates across the nodes of an ArcSight Platform cluster when using the "private key" option. The failure message may look similar to the one below:
    Connecting ...
    [Failed connection nodes]:
    - master1.arcsight.com
    - master2.arcsight.com
    - master3.arcsight.com
    - worker1.arcsight.com
    - worker2.arcsight.com
    - worker3.arcsight.com
    Finished!
    Failed to connect all of the nodes. Please distribute the certificates under /opt/arcsight/kubernetes/ssl/new-certs manually. And then please run '/opt/arcsight/kubernetes/scripts/renewCert --apply' one each node one by one to make the certificates take effect.
    renew, ERR: unconnected
    Additional logging details can be found in: /opt/arcsight/kubernetes/log/scripts/renew/rc.20230325191231.log
This is an existing defect of the "renewCert" binary that is being worked on by the R&D Team. The defect only affects the "private key" option; the "password" option works without issues as long as the password is known.
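The manual steps named in the renewCert message (copy the new-certs directory to every node, then run `renewCert --apply` node by node) can be scripted over SSH key authentication with an integrity check before each apply. This is an added example, not vendor tooling or part of the original article; the key path, the remote user, the use of the same target path on every node, and the helper names `dir_digest` and `distribute` are assumptions.

```shell
#!/bin/sh
# Added example, not vendor tooling. The directory and the --apply command come
# from the renewCert message; key path, remote user and node list are assumptions.
set -eu

CERT_DIR=${CERT_DIR:-/opt/arcsight/kubernetes/ssl/new-certs}
APPLY_CMD=${APPLY_CMD:-/opt/arcsight/kubernetes/scripts/renewCert --apply}
SSH_KEY=${SSH_KEY:-${HOME:-/root}/.ssh/id_rsa}   # assumption: admin key pair
REMOTE_USER=${REMOTE_USER:-root}                  # assumption
SSH=${SSH:-ssh}
SCP=${SCP:-scp}
# BatchMode fails instead of prompting; StrictHostKeyChecking refuses unknown or
# changed host keys, which matters because private key material is being copied.
SSH_OPTS="-i $SSH_KEY -o BatchMode=yes -o StrictHostKeyChecking=yes"

# One digest over the relative path and content of every file in the current dir.
DIGEST_CMD='find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 | sha256sum | cut -d " " -f 1'

dir_digest() {
    (cd "$1" && sh -c "$DIGEST_CMD")
}

# distribute NODE...: copy, verify, apply, one node at a time; stop on first failure.
distribute() {
    want=$(dir_digest "$CERT_DIR")
    for node in "$@"; do
        target="$REMOTE_USER@$node"
        # -p preserves the source file modes and timestamps on the copies.
        $SCP -p -r $SSH_OPTS "$CERT_DIR" "$target:$(dirname "$CERT_DIR")/" || return 1
        # Apply only if the remote directory matches the source exactly
        # (stale or truncated files on the node make this fail closed).
        got=$($SSH $SSH_OPTS "$target" "cd '$CERT_DIR' && $DIGEST_CMD") || return 1
        if [ "$got" != "$want" ]; then
            echo "digest mismatch on $node; certificates not applied" >&2
            return 1
        fi
        $SSH $SSH_OPTS "$target" "$APPLY_CMD" || return 1
        echo "applied on $node"
    done
}

# Usage: sh distribute-certs.sh master1.arcsight.com ... worker3.arcsight.com
if [ "$#" -gt 0 ]; then
    distribute "$@"
fi
```

Run it from the node where renewCert generated the new certificates, and make sure each node's host key is already in `known_hosts`, otherwise the strict host key check rejects the connection.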