Updating Insight custom certificates

Certificates must be rotated in certain cases, such as when they expire or become invalid. If the ESA Management and Web Services certificates are rotated, the Insight certificates must also be rotated. Complete the steps provided here to rotate custom Insight certificates on the nodes in the Audit Store cluster. Follow the steps for whichever of the two scenarios applies: a single-node cluster, where nodes have still to be added to the cluster, or a multi-node cluster, where the nodes are already part of the cluster.

These steps apply only to custom certificates and keys. For rotating Protegrity certificates, refer here.

For more information about certificates, refer here.

On an Audit Store cluster that has a single node, rotate the custom certificates using the steps provided here.

On a multi-node Audit Store cluster, the certificate rotation must be performed on every node in the cluster. First, rotate the certificates on the Lead node, which is the Primary ESA, and then use the IP address of this Lead node while rotating the certificates on the remaining nodes. The services mentioned in this section must be stopped on all the nodes during certificate rotation, preferably at the same time with minimal delay between nodes. After the certificates are updated, the stopped services must be started again on the nodes in the reverse order.

  1. Log in to the ESA Web UI.

  2. Navigate to System > Services > Misc.

  3. Stop the td-agent service. This step must be performed on all the other nodes first, followed by the Lead node.

  4. On the ESA Web UI, navigate to System > Services > Misc.

  5. Stop the Analytics service. This step must be performed on all the other nodes first, followed by the Lead node. The other nodes might not have Analytics installed; in that case, skip this step on those nodes.

  6. Navigate to System > Services > Audit Store.

  7. Stop the Audit Store Management service. This step must be performed on all the other nodes first, followed by the Lead node.

  8. Navigate to System > Services > Audit Store.

  9. Stop the Audit Store Repository service.

    Attention: This is a very important step and must be performed on all the other nodes first, followed by the Lead node, without any delay. If stopping the service on a node is delayed, that node continues to receive logs while the others do not, which leads to inconsistent logs across nodes and possible log loss.

  10. Apply the custom certificates on the Lead ESA node.

    For more information about certificates, refer here.

  11. Complete any one of the following steps on the remaining nodes in the Audit Store cluster.

    • Apply the custom certificates on the remaining nodes in the Audit Store cluster.

      For more information about certificates, refer here.

    • Run the Rotate Audit Store Certificates tool on all the remaining nodes in the Audit Store cluster one node at a time.

      1. Log in to the ESA CLI Manager of a node in the Audit Store cluster.

      2. Navigate to Tools > Rotate Audit Store Certificates.

      3. Enter the root password and select OK.

      4. Enter the admin username and password and select OK.

      5. Enter the IP address of the Lead node in Target Audit Store Address and select OK.

      6. Enter the admin username and password for the Lead node and select OK.

      7. After the rotation completes without errors, a confirmation screen appears. Select OK to return to the CLI Manager menu screen.

  12. Navigate to System > Services > Audit Store.

  13. Start the Audit Store Repository service.

    Attention: This step must be performed on the Lead node first, followed by all the other nodes, without any delay. If starting the service on a node is delayed, that node misses logs that the other nodes are already receiving, which leads to inconsistent logs across nodes and possible log loss.

  14. Navigate to System > Services > Audit Store.

  15. Start the Audit Store Management service. This step must be performed on the Lead node first, followed by all the other nodes.

  16. Navigate to Audit Store > Cluster Management and confirm that the Audit Store cluster is functional and the cluster status is green or yellow, as shown in the following figure.

  17. Navigate to System > Services > Misc.

  18. Start the Analytics service. This step must be performed on the Lead node first, followed by all the other nodes. The other nodes might not have Analytics installed; in that case, skip this step on those nodes.

  19. Navigate to System > Services > Misc.

  20. Start the td-agent service. This step must be performed on the Lead node first, followed by all the other nodes.

    The following figure shows all services that are started.

  21. On the ESA Web UI, navigate to Audit Store > Cluster Management.

  22. Verify that the nodes are still a part of the Audit Store cluster.
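The stop and start ordering in the steps above is the part of the procedure that is easiest to get wrong on a cluster of several nodes: the other nodes are stopped before the Lead, the Lead is started first, services come back in the reverse of the order in which they were stopped, every node must be down during the rotation, and Analytics is skipped on nodes that do not run it. The following Python script is an example added here; it is not part of the Protegrity documentation or software. It generates that order as a checklist for a constructed three-node cluster and checks the result against those rules. The node names, the Step record, the check function and the assumption that the Lead always runs Analytics are illustration only; the Web UI and CLI Manager actions themselves remain manual.

```python
"""Stop/start ordering for an Insight custom certificate rotation.

Added example, not Protegrity's code. Node names, the Step record and the
check function are assumptions made here for illustration; the ESA Web UI
and CLI Manager actions stay manual. This only produces and validates the
order in which they must be carried out.
"""
from dataclasses import dataclass
from typing import List, Optional

# Services in the order they are stopped. They are started again in the
# reverse of this order (Repository first, td-agent last).
STOP_ORDER = [
    "td-agent",
    "Analytics",
    "Audit Store Management",
    "Audit Store Repository",
]


@dataclass(frozen=True)
class Step:
    action: str   # "stop", "rotate" or "start"
    target: str   # service name, or "custom certificates" for rotate
    node: str
    note: str = ""


def rotation_plan(lead: str, others: List[str],
                  analytics_nodes: Optional[List[str]] = None) -> List[Step]:
    """Ordered steps for a multi-node cluster. `lead` is the Primary ESA
    (Lead node). Analytics is handled only on nodes in `analytics_nodes`;
    the Lead is assumed to run it (assumption made for this example)."""
    has_analytics = set(analytics_nodes or ()) | {lead}

    def present(service: str, node: str) -> bool:
        return service != "Analytics" or node in has_analytics

    plan: List[Step] = []
    # Stop phase: all other nodes first, then the Lead, one service at a time.
    for service in STOP_ORDER:
        note = ("no delay: a node still running the Repository keeps receiving logs"
                if service == "Audit Store Repository" else "")
        for node in others + [lead]:
            if present(service, node):
                plan.append(Step("stop", service, node, note))
    # Rotate: Lead first, then the remaining nodes (apply the files, or run
    # Tools > Rotate Audit Store Certificates pointed at the Lead's IP).
    plan.append(Step("rotate", "custom certificates", lead,
                     "apply the new certificate and key files"))
    for node in others:
        plan.append(Step("rotate", "custom certificates", node,
                         "apply files, or run Rotate Audit Store Certificates against the Lead"))
    # Start phase: Lead first, then all other nodes, services in reverse order.
    for service in reversed(STOP_ORDER):
        note = ("no delay: a node started late misses logs the others receive"
                if service == "Audit Store Repository" else "")
        for node in [lead] + others:
            if present(service, node):
                plan.append(Step("start", service, node, note))
    return plan


def check_plan(plan: List[Step], lead: str) -> List[str]:
    """Return the ordering rules the plan violates (empty list if none)."""
    problems: List[str] = []
    rotates = [i for i, s in enumerate(plan) if s.action == "rotate"]
    if not rotates:
        return ["no rotate step"]
    if plan[rotates[0]].node != lead:
        problems.append("certificates must be rotated on the Lead node first")
    first_stop, first_start = [], []
    for service in STOP_ORDER:
        stops = [i for i, s in enumerate(plan) if s.action == "stop" and s.target == service]
        starts = [i for i, s in enumerate(plan) if s.action == "start" and s.target == service]
        if not stops or not starts:
            problems.append(f"{service}: missing stop or start")
            continue
        if plan[stops[-1]].node != lead:
            problems.append(f"{service}: Lead must be stopped last")
        if plan[starts[0]].node != lead:
            problems.append(f"{service}: Lead must be started first")
        if stops[-1] > rotates[0] or starts[0] < rotates[-1]:
            problems.append(f"{service}: must be down on every node during rotation")
        first_stop.append((stops[0], service))
        first_start.append((starts[0], service))
    stop_seq = [s for _, s in sorted(first_stop)]
    start_seq = [s for _, s in sorted(first_start)]
    if start_seq != list(reversed(stop_seq)):
        problems.append("services must be started in the reverse of the stop order")
    return problems


if __name__ == "__main__":
    lead, others = "esa-lead", ["esa-2", "esa-3"]   # constructed sample cluster
    steps = rotation_plan(lead, others, analytics_nodes=["esa-2"])
    for n, s in enumerate(steps, 1):
        extra = f"  ({s.note})" if s.note else ""
        print(f"{n:2d}. {s.action:6s} {s.target:24s} on {s.node}{extra}")
    print("violations:", check_plan(steps, lead) or "none")
```

Running the script prints the 25-step checklist for the sample cluster, with esa-3 skipped for Analytics, and reports no violations; feeding `check_plan` a plan whose start phase has been reversed reports that the Lead is no longer started first and that the start order is not the reverse of the stop order.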

Last modified January 21, 2025