Rotating Insight certificates

Complete the steps provided here to rotate the Insight certificates on the nodes in the Audit Store cluster. Follow the steps for whichever of the two scenarios applies: a single-node Audit Store, where no other nodes have been added to the cluster yet, or a multi-node cluster, where nodes have already been added. The single-node procedure is given first, followed by the multi-node procedure.

These steps apply only to the system-generated Protegrity certificate and keys. For rotating custom certificates, refer here. If the ESA keys are rotated, the Audit Store certificates must also be rotated.

  1. Log in to the ESA Web UI.

  2. Navigate to System > Services > Misc.

  3. Stop the td-agent service. Skip this step if Analytics is not initialized.

  4. On the ESA Web UI, navigate to System > Services > Misc.

  5. Stop the Analytics service.

  6. Navigate to System > Services > Audit Store.

  7. Stop the Audit Store Management service.

  8. Navigate to System > Services > Audit Store.

  9. Stop the Audit Store Repository service.

  10. Run the Rotate Audit Store Certificates tool on the system.

    1. From the ESA CLI Manager, navigate to Tools > Rotate Audit Store Certificates.

    2. Enter the root password and select OK.

    3. Enter the admin username and password and select OK.

    4. Enter the IP address of the local system in the Target Audit Store Address field and select OK to rotate the certificates.

    5. After the rotation is complete, select OK.

      The CLI menu screen appears.

  11. Navigate to System > Services > Audit Store.

  12. Start the Audit Store Repository service.

  13. Navigate to System > Services > Audit Store.

  14. Start the Audit Store Management service.

  15. Navigate to Audit Store > Cluster Management and confirm that the cluster is functional and the cluster status is green or yellow. The cluster with green status is shown in the following figure.

  16. Navigate to System > Services > Misc.

  17. Start the Analytics service.

  18. Navigate to System > Services > Misc.

  19. Start the td-agent service. Skip this step if Analytics is not initialized.

    The following figure shows all services started.

On a multi-node Audit Store cluster, the certificate rotation must be performed on every node in the cluster. First rotate the certificates on the Lead node, which is the Primary ESA, and then use the IP address of this Lead node while rotating the certificates on the remaining nodes in the cluster. The services mentioned in this section must be stopped on all the nodes, preferably at the same time, with minimum delay between nodes. After the certificate rotation, start the stopped services again in the reverse order (Audit Store Repository first, then Audit Store Management, Analytics, and td-agent), on the Lead node first and then on the other nodes.

  1. Log in to the ESA Web UI.

  2. Stop the required services.

    1. Navigate to System > Services > Misc.

    2. Stop the td-agent service. Perform this step on all the other nodes first, and then on the Lead node. Skip this step if Analytics is not initialized.

    3. On the ESA Web UI, navigate to System > Services > Misc.

    4. Stop the Analytics service. Perform this step on all the other nodes first, and then on the Lead node.

    5. Navigate to System > Services > Audit Store.

    6. Stop the Audit Store Management service. Perform this step on all the other nodes first, and then on the Lead node.

    7. Navigate to System > Services > Audit Store.

    8. Stop the Audit Store Repository service.

      Attention: This is a very important step. Perform it on all the other nodes first, and then on the Lead node, without any delay between nodes. If the service is still running on a node while it has already been stopped on the others, that node continues to receive logs that the others do not. This leads to inconsistent logs across nodes, and logs might be lost.

  3. Run the Rotate Audit Store Certificates tool on the Lead node.

    1. From the ESA CLI Manager of the Lead node, that is the primary ESA, navigate to Tools > Rotate Audit Store Certificates.

    2. Enter the root password and select OK.

    3. Enter the admin username and password and select OK.

    4. Enter the IP address of the local machine in the Target Audit Store Address field and select OK.

    5. After the rotation completes without errors, the following screen appears. Select OK to return to the CLI menu screen.

      The CLI menu screen appears.

  4. Run the Rotate Audit Store Certificates tool on all the remaining nodes in the Audit Store cluster one node at a time.

    1. From the ESA CLI Manager of a node in the cluster, navigate to Tools > Rotate Audit Store Certificates.

    2. Enter the root password and select OK.

    3. Enter the admin username and password and select OK.

    4. Enter the IP address of the Lead node in Target Audit Store Address and select OK.

    5. Enter the admin username and password for the Lead node and select OK.

    6. After the rotation completes without errors, the following screen appears. Select OK to return to the CLI menu screen.

      The CLI menu screen appears.

  5. Start the required services.

    1. Navigate to System > Services > Audit Store.

    2. Start the Audit Store Repository service.

      Attention: Perform this step on the Lead node first, and then on all the other nodes, without any delay between nodes. If the service is running on one node while it is still stopped on the others, that node receives logs that the others do not. This leads to inconsistent logs across nodes, and logs might be lost.

    3. Navigate to System > Services > Audit Store.

    4. Start the Audit Store Management service. Perform this step on the Lead node first, and then on all the other nodes.

    5. Navigate to Audit Store > Cluster Management and confirm that the Audit Store cluster is functional and the Audit Store cluster status is green or yellow as shown in the following figure.

    6. Navigate to System > Services > Misc.

    7. Start the Analytics service. Perform this step on the Lead node first, and then on all the other nodes.

    8. Navigate to System > Services > Misc.

    9. Start the td-agent service. Perform this step on the Lead node first, and then on all the other nodes. Skip this step if Analytics is not initialized.

      The following figure shows all services that are started.

  6. Verify that the Audit Store cluster is stable.

    1. On the ESA Web UI, navigate to Audit Store > Cluster Management.

    2. Verify that the nodes are still a part of the Audit Store cluster.
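The Web UI check above confirms cluster membership, but it does not tell you whether every node is actually serving a new certificate. A node that was skipped, or whose rotation failed silently, keeps presenting the old certificate and will fall out of the cluster later, when the other nodes stop trusting it. The script below is an added example and is not part of the Protegrity documentation or product: it takes a fingerprint snapshot of the certificate each node presents before the rotation, takes a second snapshot after the services are restarted, and reports nodes whose certificate did not change or that cannot be reached. It applies equally to the single-node procedure (one host in the list) and to the multi-node procedure. The TLS port the Audit Store nodes listen on is not stated on this page, so you supply it as an argument; the hostnames and port in the usage lines are placeholders.

```python
"""Before/after certificate snapshot to confirm the rotation took effect on every node.

Added example, not Protegrity tooling. Assumes each Audit Store node exposes a TLS
endpoint on a port you supply; the port is an assumption, not a documented value.

usage: rotation_check.py snapshot <port> <out.json> <host> [<host> ...]
       rotation_check.py compare <before.json> <after.json>
"""
import hashlib
import json
import socket
import ssl
import sys


def cert_fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def fetch_der_certificate(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate the node presents, in DER form.

    Verification is intentionally disabled: during a rotation the client does not
    yet trust the new CA, and the goal is to observe which certificate is served,
    not to authenticate the node.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def snapshot(nodes, port):
    """Map each node to the fingerprint it currently serves; unreachable nodes map to None."""
    result = {}
    for host in nodes:
        try:
            result[host] = cert_fingerprint(fetch_der_certificate(host, port))
        except (OSError, ssl.SSLError):
            result[host] = None
    return result


def compare_snapshots(before, after):
    """Classify every node from the 'before' snapshot.

    rotated:     fingerprint changed, the expected outcome.
    unchanged:   same certificate as before, so the node was skipped or its
                 rotation failed silently.
    unreachable: node not contactable after the rotation (service not started,
                 or node dropped from the cluster).
    """
    unchanged, unreachable, rotated = [], [], []
    for host in sorted(before):
        new = after.get(host)
        if new is None:
            unreachable.append(host)
        elif new == before[host]:
            unchanged.append(host)
        else:
            rotated.append(host)
    return {"rotated": rotated, "unchanged": unchanged, "unreachable": unreachable}


def main(argv):
    if len(argv) >= 5 and argv[1] == "snapshot":
        port, out, hosts = int(argv[2]), argv[3], argv[4:]
        with open(out, "w") as fh:
            json.dump(snapshot(hosts, port), fh, indent=2)
        return 0
    if len(argv) == 4 and argv[1] == "compare":
        with open(argv[2]) as fh:
            before = json.load(fh)
        with open(argv[3]) as fh:
            after = json.load(fh)
        report = compare_snapshots(before, after)
        print(json.dumps(report, indent=2))
        # Non-zero exit if any node still serves the old certificate or is down,
        # so the check can gate the rest of a change window.
        return 1 if report["unchanged"] or report["unreachable"] else 0
    print(__doc__)
    return 2


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run the snapshot mode against every node (Lead node included) before stopping the services, run it again after the services are started on all nodes, and then run compare. A node listed under "unchanged" should be treated as not rotated and the tool rerun on it against the Lead node; a node under "unreachable" usually means the Audit Store Repository service was not started on it.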

Last modified : November 18, 2024