How to propagate new destination certificates to Connectors in bulk

  • KM02767754
  • 03-Apr-2017
  • 26-Jan-2021

Summary

For connectors that share the same destination.

Question

How can new destination certificates be propagated in bulk to connectors that share the same destination?

Answer

This KB article only applies to the situations below:
1. All Connectors share the same destinations.
2. All certificates of all destinations will be renewed or exchanged for new signed certs.
3. The number of Connectors is very high (for example, 250 Connectors), and re-registering the destinations one by one would consume a considerable amount of time.
 
Follow the instructions below BEFORE the new certificates are applied to the destinations:
1. Have all the software Connectors managed by ArcMC or ConnApp. Make sure you do not miss any Connector, to avoid long connectivity issues.

2. Gather all the new certificates in a specific folder.

3. Upload the new certificates to ArcMC by navigating to Administration > Repositories > CA Certs, click on Upload and proceed to upload all the new certificates.

4. Then proceed to apply the new certificates in the destinations.
    Note that the Connectors will probably lose connectivity with their destinations during this process, but this is expected since the path to the certificates will have changed.

 
    Below are the instructions to follow to avoid re-registering the destinations one by one (on the assumption that there is a long list of connectors):
    4.1. Navigate to the first connector where you want to apply the new certificates by clicking on Node Management > View All Nodes > 'Target Location' > 'Target Host'

    4.2. Select the first container to apply the new certificates.

    4.3. Navigate to Certificates > Next > Add certificate. Assign a name for the new certificate selected from the drop-down menu.

    4.4. Repeat steps 4.2. and 4.3. to add all the new certificates to the container selected in step 4.2.
           There is no need to restart the Connector, since ArcMC updates the Connector's cacerts file, the file where all the certificates' information resides. The GUI updates in a couple of minutes.

    4.5. Now, navigate to the machine hosting the connector to which all the new certificates were applied and copy the cacerts file:
           For Windows: <$Connector_Home>/current/jre/lib/security/cacerts
           For Linux: <$Connector_Home>/current/jre/security/cacerts

   
    4.6. Propagate the cacerts file copied in step 4.5. to the other Connectors under the path provided in step 4.5.

    4.7. In this case, the Connector will need a restart since this is a manual operation.

    4.8. Finally, just wait until the Connector restarts and then monitor the outbound EPS.
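
Because step 4.6 overwrites each Connector's trust store by hand, the copy is worth verifying and backing up. The script below is an added example, not part of this KB article or of any vendor tooling. It assumes the reference cacerts from step 4.5 has already been transferred to the Connector host and that its SHA-256 digest was recorded on the source Connector; the function names and the CACERTS_REL variable are hypothetical.

```shell
#!/bin/sh
# Added example: install a reference cacerts file into one Connector (steps 4.5-4.6).
# Relative path taken from step 4.5 (Linux); override CACERTS_REL if your layout differs.
CACERTS_REL="${CACERTS_REL:-current/jre/security/cacerts}"

# Print the SHA-256 digest of a file (hex only).
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# install_cacerts REFERENCE EXPECTED_SHA256 CONNECTOR_HOME
# Returns 0 on success, 1 if the reference is missing or empty, 2 on a digest
# mismatch (before or after the copy), 3 if the target directory is missing,
# 4 if a copy or rename fails.
install_cacerts() {
    ref=$1; expected=$2; home=$3
    target="$home/$CACERTS_REL"

    [ -s "$ref" ] || { echo "reference file missing or empty: $ref" >&2; return 1; }
    # Refuse a reference file that differs from the digest recorded on the source Connector.
    [ "$(sha256_of "$ref")" = "$expected" ] || { echo "digest mismatch on $ref" >&2; return 2; }
    [ -d "$(dirname "$target")" ] || { echo "no such directory for $target" >&2; return 3; }

    # Keep the previous trust store so the change can be rolled back.
    if [ -f "$target" ]; then
        cp -p "$target" "$target.bak.$(date +%Y%m%d%H%M%S)" || return 4
    fi

    # Copy next to the target, verify, then rename so a partial file is never live.
    # Ownership and mode of the new file should match what the Connector's account needs.
    tmp="$target.new.$$"
    cp "$ref" "$tmp" || return 4
    if [ "$(sha256_of "$tmp")" != "$expected" ]; then
        rm -f "$tmp"; echo "copy verification failed for $target" >&2; return 2
    fi
    mv -f "$tmp" "$target" || return 4
    echo "installed $target ($expected); restart the Connector (step 4.7)"
}
```

Run it once per Connector home on each host, for example `install_cacerts /tmp/cacerts.ref "$digest" "$Connector_Home"`, then restart the Connector as in step 4.7.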