Highlighted
Absent Member.
Absent Member.
712 views

Import multiple cacerts for different ESM's.

Hi,

This issue is for our ArcSigth ESM 6.0 not logger.  The platform is a linux (centos) box running snort and eventlog agents.  We an existing ESM (4.5.1) soon to be retired.  We have several linux connectors and we want to point it to the new ESM but keep the old ESM in tact. 

I have looked through the agent config manual but I can't see to get the commands to work that it is telling me to do.

I.E. when I type arcsight agent keytoolgui from the ArcSight_home\current\bin directory I get an -bash: keytool: command not found error.

Please help.

Labels (3)
0 Likes
Reply
5 Replies
Highlighted
Outstanding Contributor.
Outstanding Contributor.

Re: Import multiple cacerts for different ESM's.

Ryan,

You're simply missing ./ in front of your command you must enter "./arcsight agent keytoolgui".

Regards.

0 Likes
Reply
Highlighted
Absent Member.
Absent Member.

Re: Import multiple cacerts for different ESM's.

Thanks Michel, that works as it launches the command.  I'm getting errrors however.  I just realized that might be due to the fact that I'm using linux CLI and it may not be capable of launcing a GUI.  Does that make sense?  Here is the error messages;

ArcSight Keytool GUI starting...

Exception in thread "AWT-EventQueue-0" java.awt.HeadlessException:
No X11 DISPLAY variable was set, but this program performed an operation which r                       equires it.
        at java.awt.GraphicsEnvironment.checkHeadless(GraphicsEnvironment.java:1                       59)
        at java.awt.Window.<init>(Window.java:432)
        at java.awt.Frame.<init>(Frame.java:403)
        at java.awt.Frame.<init>(Frame.java:368)
        at javax.swing.JFrame.<init>(JFrame.java:158)
        at info.waynegrant.utilities.keytoolgui.FKeyToolGUI.<init>(Unknown Sourc                       e)
        at info.waynegrant.utilities.keytoolgui.FKeyToolGUI$CreateAndShowGui.run                       (Unknown Source)
        at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:209)
        at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:641)
        at java.awt.EventQueue.access$000(EventQueue.java:84)
        at java.awt.EventQueue$1.run(EventQueue.java:602)
        at java.awt.EventQueue$1.run(EventQueue.java:600)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.AccessControlContext$1.doIntersectionPrivilege(AccessCo                       ntrolContext.java:87)
        at java.awt.EventQueue.dispatchEvent(EventQueue.java:611)
        at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThre                       ad.java:269)
        at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.                       java:184)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThre                       ad.java:174)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:169)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:161)
        at java.awt.EventDispatchThread.run(EventDispatchThread.java:122)

0 Likes
Reply
Highlighted
Frequent Contributor.
Frequent Contributor.

Re: Import multiple cacerts for different ESM's.

Looks like its the case - 'No X11 DISPLAY variable was set'.

Have a look at this article: "Installing/Configuring PuTTy and Xming"

Try Xming option "disable access control" if it wouldn't work from the first time.

If you connect as root (wich is not recommended) and then "su - arcsight" you need to copy .Xauthority file from root home folder into arcsight user home folder every time (and chown it to arcsight user, of course ).

0 Likes
Reply
Highlighted
Honored Contributor.
Honored Contributor.

Re: Import multiple cacerts for different ESM's.

Hi Ryan,

Did managed to get your requirement of connectors seeing both destinations. Can you please brief me the steps done. I am also trying to tackle a similar situation. But in my case i am trying to use the same self signed cert which was created in my prod ESM and use it in temp ESM which will have same host name and IP. Now this SSL cert has been deployed in all my connectors and is working fine. what i need is to make all the connectors working even with temp ESM using the current SSL cert.

Regards,

Aneesh Salimkumar

0 Likes
Reply
Highlighted
Respected Contributor.. Respected Contributor..
Respected Contributor..

Re: Import multiple cacerts for different ESM's.

Hello Ryan

I had similar issues. I buypassed all this by installing an arcsightSmartconnector on my windows pc.

In your /jre/lib/security directory, put :

the cacerts of one of your connector that point the old ESM.

Self Signed Certificate of your new ESM (via ex : ./arcsight keytool -store managerkeys -exportcert -alias mykey -file /home/arcsight/esm6.cer)

Run the arcsight agent keytoolgui command and import the certificate of your new ESM.

Copy the new cacerts to all your conectors.

Regards

David Bergeron

0 Likes
Reply
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.