Question & Answer
Question
I have installed GPU 600 and my GUI has stopped working. I have tried restarting it from CLI, how can I fix the issue?
Cause
On some appliances, the certificates required to enable the GUI are created in a scrambled format due an issue with the keytool that is used to create them. It is not possible to predict when this issue will arise. This means that, when GPU 600 is installed, this certificate is not able to be restored due to its corrupted format.
In order to detect whether your appliance is prone to the issue:
You should find the mysql error log contained in must_gather system_db_info . This log is named differently depending on whether the system is 32 bit or 64 bit.
- 32 bit error log is named [hostname].err
- 64 bit error log is named mysql-error.log
In this log there are many messages with corresponding timestamps.
If you see the following messages, you can be prone to this issue:
SSL error: Unable to get certificate from '/usr/local/guardium/etc/server-cert.pem'
2016-01-27 14:23:10 6757 [Warning] Failed to setup SSL
2016-01-27 14:23:10 6757 [Warning] SSL error: Unable to get certificate
Answer
There are two possible solutions to fix this issue:
1) Contact Guardium Support for the relevant patches required to ensure the issue does not happen again. They will provide you with two patches, along with instructions on their installation and usage.
One will be installed before you install GPU 600, to create a valid backup of the keystore that is used for storing the certificates.
The other will be installed after you install GPU 600, in order to restore this backup and provide logs for any issues encountered.
2) Run a CSR task before the patch installation:
How to install an appliance certificate to avoid a browser SSL certificate challenge
This creates a keystore backup automatically.
Then, after p600 installation, run the CLI command:
restore certificate keystore backup
Related Information
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21982927