AppHost
Unable to install QRadar apps
Cause: keystore error
Jul 3 06:34:44 DC3-QRADAR-APP [generate-docker-keystore]: [ERROR] [NOT:0000013105][10.137.4.53/- -] [-/- -]Failed to generate keystore /etc/docker/tls/registry/docker-client-registry.p12. Failure reason Failed to insert application credential for docker-client-registry into the database
Jul 3 21:24:54 ::ffff:127.0.0.1 [hostcontext.hostcontext] [main] com.q1labs.frameworks.crypto.trustmanager.Q1X509CertificateFactory: [WARN] [NOT:0000004000][10.137.4.53/- -] [-/- -]Can't load certificates from file [/opt/qradar/conf/trusted_certificates/syslog-tls.key] because the specified file name is not ended with one of the supported suffix: pem, crt, cert, der, truststore.
Jul 3 21:27:44 DC3-QRADAR-APP [generate-docker-keystore]: [ERROR] [NOT:0000013105][10.137.4.53/- -] [-/- -]Failed to generate keystore /etc/docker/tls/registry/docker-client-registry.p12. Failure reason Failed to insert application credential for docker-client-registry into the database
Validate that the keystore is showing OK by executing the command below:
/opt/qradar/support/app_keystore_cert_validator.sh
Expected output:
Performing certificate validation on certificate(s) in application framework keystore(s), please wait...
Checking certificate is valid in key store /etc/tomcat/tls/conman/tomcat_client_conman.p12
Verify certificate is valid ... YES
Checking certificate is valid in key store /etc/docker/tls/registry/docker-client-registry.p12
Verify certificate is valid ... YES
Checking certificate is valid in key store /etc/tomcat/tls/traefik/tomcat_client_traefik.p12
Verify certificate is valid ... YES
If any of the certificate checks says "NO", then there is an issue with the keystore.
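An added example, not part of the original note or of QRadar's own tooling: a shell filter that reads the validator output and prints every keystore whose result is not YES. The function names and the NO line in the sample are constructed, and the parser assumes the message wording shown in the expected output above.

```shell
#!/bin/sh
# failed_keystores: read app_keystore_cert_validator.sh output on stdin and
# print the path of each keystore whose check did not end in YES.
# It scans word by word, so it works whether each message is on its own
# line or several messages are run together on one line.
failed_keystores() {
    awk '
    {
        for (i = 1; i <= NF; i++) {
            # "... in key store <path>" names the keystore being checked
            if ($i == "store" && i > 1 && $(i-1) == "key" && i < NF)
                path = $(i+1)
            # "Verify certificate is valid ... <YES|NO>" carries the result
            if ($i == "..." && i > 1 && $(i-1) == "valid" && i < NF && path != "") {
                if ($(i+1) != "YES")
                    print path
                path = ""
            }
        }
    }'
}

# Constructed sample: same wording as the expected output, with the
# registry keystore result changed to NO for illustration.
sample_validator_output() {
    cat <<'EOF'
Performing certificate validation on certificate(s) in application framework keystore(s), please wait...
Checking certificate is valid in key store /etc/tomcat/tls/conman/tomcat_client_conman.p12
Verify certificate is valid ... YES
Checking certificate is valid in key store /etc/docker/tls/registry/docker-client-registry.p12
Verify certificate is valid ... NO
Checking certificate is valid in key store /etc/tomcat/tls/traefik/tomcat_client_traefik.p12
Verify certificate is valid ... YES
EOF
}

# Demo on the sample. On the console the input would instead be:
#   /opt/qradar/support/app_keystore_cert_validator.sh | failed_keystores
sample_validator_output | failed_keystores
```

An empty result means every keystore passed; each printed path is a keystore that needs attention.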
Solution 1:
Once you have identified the keystore issue, execute the command below on the console to resolve it:
/opt/qradar/bin/runjava.sh com.ibm.si.application.commandline.KeyStoreGenerator -c /etc/docker/tls/registry/docker-client-registry.cert -k /etc/docker/tls/registry/docker-client-registry.key -s /etc/docker/tls/registry/docker-client-registry.p12
Alternatively, you can follow the document below:
https://www.ibm.com/support/pages/node/6829579
Once the keystore is regenerated, execute the command below again to validate the keystore, then do a full deploy.
/opt/qradar/support/app_keystore_cert_validator.sh
Once all the steps are done, try to install the application again and let us know the outcome.
If the application installation fails again, share fresh getlogs with us using the command below.
/opt/qradar/support/get_logs.sh -a -S -q 7
Solution 2:
Check iptables.
Check the status of services and restart them if needed.