- Site Collector Overview
- Get Started with Site Collectors
- Install Site Collector
- Set Up Collectors
- Manage Site Collectors
- Site Collector Monitoring
- Troubleshoot the Site Collector
- Pre-checks failed during Site Collector installation and upgrade
- Site Collector UI shows the status INSTALLATION_ERROR
- Download Support Packages for Troubleshooting
- How to reboot the Virtual Machine (VM) successfully to apply security updates?
- What information must be added while creating a support ticket to resolve an issue?
- Site Collector UI is not displaying the heartbeats
- How to regenerate certificates for Site Collector Core
- Splunk Collector can't be set up
- Splunk Collector is set up however, logs are not reaching DL/AA
- Only a few of the installed Splunk Collectors are processing logs or EPS has dropped by 50% as compared to last hour
- The Windows Active Directory Collector (formerly known as LDAP Collector) is set up, however, the context data is not reaching DL/AA
- The Windows Active Directory Collector (formerly known as LDAP Collector) is stuck in the ‘Update’ mode after deployment
- Installation is initiated; however, the collector shows the status as ‘Setting Up’ for some time
- Data Lake and Advanced Analytics Does Not Show Context Data
- Context Data from Windows Active Directory Collector is Segmented
- Minifi Permission Denied - Logback.xml File Missing and Config File Update - Failed Error Occurred while Installing the Windows Event Log Collector
- Where should I upload proxy certificates if I am running proxy with TLS interception?
- How to upgrade Linux collector instance?
Regenerate certificates for Site Collector Core
The Site Collector Core certificates include Site Collector Core web server certificates, Windows Event Log to Site Collector Core communication certificates, and Syslog default certificates. You need to regenerate certificates for Site Collector Core in the following scenarios:
If you change the Site Collector VM IP address or hostname.
If the Windows Event Log Collector cannot use certificates from the Exabeam Security Operations Platform user interface to communicate with Site Collector Core.
If you want to fix any issues associated with certificates
Run the following script on the Site Collector Core VM to regenerate these certificates.
sudo /opt/exabeam/nifi/nifi_scripts/regenerate_certificate.sh
For Site Collectors version V1.11 and above, if you use the custom installation folder for Site Collector installation, use the following command.
sudo $(sudo cat /etc/ngsc_path_info)/exabeam/nifi/nifi_scripts/regenerate_certificate.sh
Refer to the following example of the script that shows successful certificate generation.
[exabeam@ihor-ngsc-centos-7 ~]$ sudo /opt/exabeam/nifi/nifi_scripts/regenerate_certificate.sh The existing collectors that use certificates won’t work anymore and you have to redeploy them. Are you sure you want to regenerate certificates and restart SC? Y/N? y Support: --tlsv1.2 --tls-max 1.2 Generating new certificates for NGSC Core Generate certificates Hostname: ihor-ngsc-centos-7 IP List: 10.70.2.12,172.17.0.1 Alternative names: localhost,ihor-ngsc-centos-7,10.70.2.12,172.17.0.1,ihor-ngsc-centos-7.c.ngsc-experiments.internal Creating new certificates [main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandaloneCommandLine - Using /opt/exabeam/nifi/nifi_conf/nifi.properties as template. [main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - Running standalone certificate generation with output directory /opt/exabeam/nifi/nifi_conf/ihor-ngsc-centos-7 [main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - Generated new CA certificate /opt/exabeam/nifi/nifi_conf/ihor-ngsc-centos-7/nifi-cert.pem and key /opt/exabeam/nifi/nifi_conf/ihor-ngsc-centos-7/nifi-key.key [main] WARN org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - Hostname count does not match given alternate name count. Verify names in resulting certificate. [main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - Writing new ssl configuration to /opt/exabeam/nifi/nifi_conf/ihor-ngsc-centos-7/ihor-ngsc-centos-7 [main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - Successfully generated TLS configuration for ihor-ngsc-centos-7 1 in /opt/exabeam/nifi/nifi_conf/ihor-ngsc-centos-7/ihor-ngsc-centos-7 [main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - Generating new client certificate /opt/exabeam/nifi/nifi_conf/ihor-ngsc-centos-7/CN=ihor-ngsc-centos-7_OU=NIFI.p12 [main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - Successfully generated client certificate /opt/exabeam/nifi/nifi_conf/ihor-ngsc-centos-7/CN=ihor-ngsc-centos-7_OU=NIFI.p12 [main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - tls-toolkit standalone completed successfully Backing up current certificates Moving new certificates Extracting certificates from keystore and truststore Importing keystore /opt/exabeam/nifi/nifi_conf/truststore.jks to /opt/exabeam/nifi/nifi_conf/truststore.p12... Entry for alias nifi-cert successfully imported. Import command completed: 1 entries successfully imported, 0 entries failed or cancelled Importing keystore /opt/exabeam/nifi/nifi_conf/keystore.jks to /opt/exabeam/nifi/nifi_conf/keystore.p12... Entry for alias nifi-key successfully imported. Import command completed: 1 entries successfully imported, 0 entries failed or cancelled Preparing certificates archives adding: ca.pem (deflated 28%) adding: cert.pem (deflated 28%) adding: key.pem (deflated 24%) Preparing copy certificates to GCP bucket Certificates were generated Generating new certificates for NGSC Core was completed successfully Enabling SSL Certificates Upload for NiFi SSL Certificates Upload completed Support: --tlsv1.2 --tls-max 1.2 Stopping NGSC Core Stop all Exa processors Checking if NiFi queue is empty NGSC was stopped successfully Support: --tlsv1.2 --tls-max 1.2 Starting NGSC Core Start all Exa processors NGSC Core was started successfully
You may look for the following key phrases that indicate that your script has successfully generated the certificates.
SSL Certificates Upload completed
NGSC Core was started successfully
After certificates are regenerated, reinstall the Window Event Log Collector, File Collector, and collectors that use default certificates such as the Syslog Collector and Fortinet Collector.