SSIM 4.7 MP3 installation overwrites certificate keystore of the onboard agent

Article:TECH155494  |  Created: 2011-03-14  |  Updated: 2012-02-08  |  Article URL http://www.symantec.com/docs/TECH155494
NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.
Article Type
Technical Solution


Subject

Issue



During the installation of Maintenance Pack 3 (MP3) on a Symantec Security Information Manager (SSIM) 4.7 machine the certificate keystore of the onboard SSIM Agent gets overwritten.

There are two scenarios where this causes a problem.

1.  The SSIM appliance is setup to use a signed certficate. It will break the communication between the onboard agent and the manager.

2. The Symantec Event Collector for 4.4 for Microsoft Vista and Microsoft Windows 2008 is installed on the SSIM machine and configured for onboard use and the sensor is configured to use the HTTPS protocol. This will break the communication between the Collector wsmanagement sensor and the Windows Remorte Management (WinRM)  service on the Windows machine.


Cause



When installing MP3 the onboard SSIM Agent 4.7.0 gets updated to version 4.7.1. This will overwrite the certificate keystore of the Agent.


Solution



1. When you haven't installed MP3 yet, you can take a backup of the Agent certificate keystore

To take  a backup of the certificate keystore file run the following command as root:

cp /opt/Symantec/sesa/Agent/jre/lib/security/cacerts /root/cacerts

Install MP3.

Then copy the restore the backup of the keystore:

cp /root/cacerts /opt/symantec/sesa/Agent/jre/lib/security/cacerts

To make sure the ownership of the file is set correctly:

chown sesuser:ses /opt/Symantec/sesa/Agent/jre/lib/security/cacerts

Restart the Agent:

/etc/init.d/sesagentd stop

/etc/init.d/sesagentd start

This should restore all the communication between the different components.

 

2. When you already installed MP3 without making a backup of the agent certificate keystore, you use the certificate keystore of the onboard Java installation for the SSIM services.

As root run the following command:

cp /opt/jdk/jre/lib/security/cacerts /opt/Symantec/sesa/Agent/jre/lib/security/cacerts

To make sure the ownership of the file is set correctly:

chown sesuser:ses /opt/Symantec/sesa/Agent/jre/lib/security/cacerts

Restart the Agent:

/etc/init.d/sesagentd stop

/etc/init.d/sesagentd start




Article URL http://www.symantec.com/docs/TECH155494


Terms of use for this information are found in Legal Notices