Troubleshooting
Problem
Administrators receive a notification in the system notification menu related to the failure to generate the keystore file. When this error is present on the system, it can affect starting, stopping, updating, or installing applications.
Symptom
In the System Notification menu, the following error is displayed:
Error : Failed to generate keystore /etc/tomcat/tls/traefik/tomcat_client_traefik.p12
Cause
After the QRadar version was updated, the system shows an error notification because the keystore file was not created correctly or was removed.
Environment
QRadar 7.4.3 and later.
Diagnosing The Problem
In the CLI
- Log in to the QRadar Console as the root user.
- Run the grep command and search for the error message in /var/log/qradar.error.
grep -i 'keystore' /var/log/qradar.error
Output Example:
[ERROR][-/- -]Failed to generate keystore /etc/tomcat/tls/traefik/tomcat_client_traefik.p12
[ERROR][-/- -]Unable to read keystore tomcat_client_traefik.p12
[ERROR][-/- -]Unable to build ssl context for mutual tls, using keyStore [/etc/tomcat/tls/traefik/tomcat_client_traefik.p12]
[-/- -] [pool-1-thread-1] java.io.IOException: keystore password was incorrect
Resolving The Problem
- Log in to the QRadar Console command line as the root user.
- Ensure tomcat_client_traefik.p12 is present inside /etc/tomcat/tls/traefik:
ls -l /etc/tomcat/tls/traefik
- Run the following script to regenerate the keystore file:
/opt/qradar/bin/runjava.sh com.ibm.si.application.commandline.KeyStoreGenerator -c /etc/tomcat/tls/traefik/tomcat-client-traefik.cert -k /etc/tomcat/tls/traefik/tomcat-client-traefik.key -s /etc/tomcat/tls/traefik/tomcat_client_traefik.p12
- Run the following command again to list /etc/tomcat/tls/traefik/ and check whether the keystore regenerated successfully:
ls -lrth /etc/tomcat/tls/traefik/
Output example:
ls -l /etc/tomcat/tls/traefik
total 24
-rw-r--r-- 1 nobody nobody 1793 Jan 2 21:44 tomcat-client-traefik.cert
-rw------- 1 nobody nobody 1033 Jan 2 21:37 tomcat-client-traefik.csr
-rw------- 1 nobody nobody 1708 Jan 2 21:37 tomcat-client-traefik.key
-rw-r--r-- 1 nobody nobody 3215 Jan 2 21:45 tomcat_client_traefik.p12
-rw-r--r-- 1 nobody nobody 7469 Jan 2 21:44 traefik_ca.crt
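The checks in the steps above, as an added shell example (not IBM code and not part of the original document): it verifies that the certificate, key, and keystore named on this page exist and are non-empty, flags a private key that is accessible beyond its owner, and counts the four keystore errors from the sample log output. The function names are hypothetical; the paths and messages are the ones shown on this page.

```bash
#!/usr/bin/env bash
# Added example (not IBM code). Paths, file names and log messages come from
# this page; the function names are hypothetical.
TLS_DIR=/etc/tomcat/tls/traefik
ERR_LOG=/var/log/qradar.error

# Report each KeyStoreGenerator input/output file. Returns non-zero if the
# certificate, key or keystore is missing or empty, or the key is over-exposed.
check_keystore_files() {
    local dir=${1:-$TLS_DIR} rc=0 f path
    for f in tomcat-client-traefik.cert tomcat-client-traefik.key \
             tomcat_client_traefik.p12; do
        path=$dir/$f
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1
        elif [ ! -s "$path" ]; then
            echo "EMPTY $path"; rc=1
        else
            echo "OK $path"
        fi
    done
    # The private key should stay owner-only, as in the listing above
    # (-rw-------): characters 5-10 of the mode string are group/other bits.
    path=$dir/tomcat-client-traefik.key
    if [ -e "$path" ] && [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
        echo "PERMS $path is accessible beyond its owner"; rc=1
    fi
    return $rc
}

# Print one "<count> <message>" line for each keystore error shown on this page.
summarize_keystore_errors() {
    local log=${1:-$ERR_LOG} msg
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    for msg in 'Failed to generate keystore' 'Unable to read keystore' \
               'Unable to build ssl context' 'keystore password was incorrect'; do
        printf '%s %s\n' "$(grep -cF -- "$msg" "$log")" "$msg"
    done
}
```

Source the file on the Console and call `check_keystore_files` and `summarize_keystore_errors` without arguments to use the default paths.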
Result
The tomcat_client_traefik.p12 keystore file is present on the console. Wait for 24 hours and confirm that the system did not create a new notification regarding the keystore file. If the administrator continues to experience issues, contact QRadar Support for assistance.
Document Location
Worldwide
Document Information
Modified date: 27 February 2024
UID: ibm17120650