IBM Support

QRadar: Failed to generate Keystore "Failed to generate keystore /etc/tomcat/tls/conman/tomcat_client_conman.p12"

Troubleshooting


Problem

Administrators receive a notification in the system notification menu related to the failure to generate the keystore file. When this error is present on the system, it can affect starting, stopping, updating, or installing applications.

Symptom

In the System Notification menu, the following error is displayed:
Error : Failed to generate keystore /etc/tomcat/tls/conman/tomcat_client_conman.p12

Cause

After the QRadar version was updated, the system shows an error notification because the keystore file was not created correctly or was removed.

Environment

QRadar 7.4.3 and later.

Diagnosing The Problem

 In the CLI

  1. Log in to the QRadar Console as the root user.
  2. Run the grep command and search for the error message in /var/log/qradar.error.
    grep -i 'keystore' /var/log/qradar.error
    Output Example:
    [ERROR][-/- -]Failed to generate keystore /etc/tomcat/tls/conman/tomcat_client_conman.p12. 
    [ERROR][-/- -]Unable to read keystore tomcat_client_conman.p12 
    [ERROR][-/- -]Unable to build ssl context for mutual tls, using keyStore [/etc/tomcat/tls/conman/tomcat_client_conman.p12]
    [-/- -] [pool-1-thread-1] java.io.IOException: keystore password was incorrect

Resolving The Problem

  1. Log in to the QRadar Console command line as the root user.
  2. Ensure tomcat_client_conman.p12 is present inside /etc/tomcat/tls/conman:
    ls -l /etc/tomcat/tls/conman
  3. Run the following script to regenerate the keystore file:
    /opt/qradar/bin/runjava.sh com.ibm.si.application.commandline.KeyStoreGenerator -c /etc/tomcat/tls/conman/tomcat-client-conman.cert -k /etc/tomcat/tls/conman/tomcat-client-conman.key -s /etc/tomcat/tls/conman/tomcat_client_conman.p12
     
  4. Run the following command again inside /etc/tomcat/tls/conman/ to check whether the keystore regenerated successfully:
    ls -lrth /etc/tomcat/tls/conman/
    Output example:
    ls -lrth /etc/tomcat/tls/conman/
    total 24K
    -rw------- 1 nobody nobody 1.7K Feb  8 13:00 tomcat-client-conman.key
    -rw------- 1 nobody nobody 1.1K Feb  8 13:00 tomcat-client-conman.csr
    -rw-r--r-- 1 nobody nobody 1.8K Feb 23 12:01 tomcat-client-conman.cert
    -rw-r--r-- 1 nobody nobody 7.3K Feb 23 12:01 conman_ca.crt
    -rw-r--r-- 1 nobody nobody 3.2K Feb 23 12:02 tomcat_client_conman.p12
    Result
    The tomcat_client_conman.p12 keystore file is present on the console. Wait for 24 hours and confirm that the system did not create a new notification regarding the keystore file. If the administrator continues to experience issues, contact QRadar Support for assistance.
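
A pre-flight check for step 3, as an added example that is not IBM or QRadar code: it confirms that the certificate and key passed to KeyStoreGenerator exist, belong together, and that the certificate has not expired, then reports whether the .p12 file is present. It assumes `openssl` is installed and the key is an unencrypted PEM file; the function name and status strings are hypothetical.

```shell
# Added example, not IBM code. File names are the ones in this technote;
# the directory argument defaults to the technote path and can be overridden.
preflight_conman_keystore() {
    local dir="${1:-/etc/tomcat/tls/conman}"
    local cert="$dir/tomcat-client-conman.cert"
    local key="$dir/tomcat-client-conman.key"
    local p12="$dir/tomcat_client_conman.p12"
    local f cert_pub key_pub

    # The regeneration command reads the certificate (-c) and key (-k),
    # so both must exist and be non-empty before it can succeed.
    for f in "$cert" "$key"; do
        if [ ! -s "$f" ]; then
            echo "INPUT_MISSING ${f##*/}"
            return 3
        fi
    done

    # A keystore built from a certificate and a key that do not belong
    # together is useless for mutual TLS: compare their public keys.
    # Assumption: the key is unencrypted PEM (empty passphrase supplied).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo "CERT_UNPARSEABLE"; return 3; }
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) \
        || { echo "KEY_UNPARSEABLE"; return 3; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "CERT_KEY_MISMATCH"
        return 3
    fi

    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "CERT_EXPIRED"
        return 3
    fi

    # Presence only: the keystore password is not known to this check,
    # so the .p12 contents are not opened.
    if [ ! -s "$p12" ]; then
        echo "P12_MISSING_OR_EMPTY"
        return 2
    fi
    echo "P12_PRESENT"
    return 0
}
```

Exit status 2 means the inputs are sound and only the keystore needs regenerating; status 3 means the certificate or key must be dealt with first, because regenerating from them would not produce a usable keystore.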

Document Location

Worldwide


Document Information

Modified date:
13 April 2023

UID

ibm16965340