Summary
This article details a workaround for distributing and applying the internal certificates on each node of the ArcSight Platform cluster using SSH key pairs.
Products
ArcSight Transformation Hub
Environment
An ArcSight Platform Suite cluster running version 23.1.x or earlier.
Situation
The "renewCert" binary fails to distribute and apply new internal certificates across the nodes of an ArcSight Platform cluster when the "private key" option is used. The failure message may look similar to the one below:
Connecting ...
[Failed connection nodes]:
- master1.arcsight.com
- master2.arcsight.com
- master3.arcsight.com
- worker1.arcsight.com
- worker2.arcsight.com
- worker3.arcsight.com
Finished!
Failed to connect all of the nodes. Please distribute the certificates under /opt/arcsight/kubernetes/ssl/new-certs manually. And then please run '/opt/arcsight/kubernetes/scripts/renewCert --apply' one each node one by one to make the certificates take effect.
renew, ERR: unconnected
Additional logging details can be found in: /opt/arcsight/kubernetes/log/scripts/renew/rc.20230325191231.log
Cause
This is an existing defect in the "renewCert" binary that the R&D team is working on. The defect affects only the "private key" option; the "password" option works without issues as long as the password is known.
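The manual procedure that the failure message asks for (copy the new-certs directory to each node, then run renewCert --apply node by node) can be scripted over SSH key authentication. The script below is an added example, not the vendor's resolution steps and not part of the original article; the two paths come from the failure message, while the remote user, the key location, the SSH options and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the article or the vendor. Dry-run by default (APPLY=1 executes).
# Paths are taken from the renewCert failure message; everything else is an assumption.
CERT_DIR=/opt/arcsight/kubernetes/ssl/new-certs
RENEW=/opt/arcsight/kubernetes/scripts/renewCert
SSH_USER=${SSH_USER:-root}                 # assumed remote account
SSH_KEY=${SSH_KEY:-$HOME/.ssh/id_rsa}      # assumed private key location

# Print the command in dry-run mode, execute it when APPLY=1.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Copy the new certificates to one remote node, then apply them there.
# BatchMode=yes forces key-only authentication (no password prompt);
# StrictHostKeyChecking=yes refuses nodes whose host key is not already trusted.
renew_node() {
    node=$1
    run scp -i "$SSH_KEY" -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -r "$CERT_DIR" "$SSH_USER@$node:$(dirname "$CERT_DIR")/" || return 1
    run ssh -i "$SSH_KEY" -o BatchMode=yes -o StrictHostKeyChecking=yes \
        "$SSH_USER@$node" "$RENEW --apply"
}

# Process the nodes strictly one at a time and stop at the first failure,
# so a node that cannot be reached or updated does not go unnoticed.
renew_all() {
    for node in "$@"; do
        if ! renew_node "$node"; then
            echo "stopped at $node; later nodes untouched" >&2
            return 1
        fi
    done
}

# Usage: sh script.sh node1 node2 ...   (remote nodes only; prints the plan unless APPLY=1)
if [ "$#" -gt 0 ]; then renew_all "$@"; fi
```

Review the printed plan before setting APPLY=1, and run renewCert --apply locally on the node where the certificates were generated.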
Read Full Knowledge Base Article for Resolution Steps.
URL Name
KM000017551