Knowledge Doc: [ArcSight Transformation Hub] Renewing internal certificates of an ArcSight Platform cluster using ssh key pairs

 
0 Likes

Summary
This article details a workaround on how to distribute and apply the internal certificates on each node of the ArcSight Platform cluster through ssh key pairs

Products
ArcSight Transformation Hub

Environment
Version equal or prior to 23.1.x of an ArcSight Platform Suite cluster.

Situation
The binary "renewCert" fails at distributing and applying new internal certificates across the nodes of an ArcSight Platform cluster when using the "private key" option. The failure message may look similar to the one below:

Connecting ...
[Failed connection nodes]:
    - master1.arcsight.com
    - master2.arcsight.com
    - master3.arcsight.com
    - worker1.arcsight.com
    - worker2.arcsight.com
    - worker3.arcsight.com
Finished! Failed to connect all of the nodes. Please distribute the certificates under /opt/arcsight/kubernetes/ssl/new-certs manually.
And then please run '/opt/arcsight/kubernetes/scripts/renewCert --apply' one each node one by one to make the certificates take effect.
renew, ERR: unconnected
Additional logging details can be found in:
    /opt/arcsight/kubernetes/log/scripts/renew/rc.20230325191231.log



Cause
This is an existing defect of the "renewCert" binary that is being worked by the R&D Team. This defect only affects the "private key" option, the "password" option works without issues as long as the password is known.

Read Full Knowledge Base Article for Resolution Steps. 



URL Name
KM000017551

Labels:

Knowledge Docs
Comment List
Related
Recommended