Troubleshooting
Problem
The QRadar® GUI fails to load due to an invalid certificate installation preventing HTTPd from starting.
To install a custom certificate in QRadar®, the /opt/qradar/bin/install-ssl-cert.sh script must be run, but as the certificate is invalid, it fails with "ERROR: Failed to restart httpd service".
Symptom
The install-ssl-cert.sh script process fails when it tries to reload the HTTPd configuration.
# /opt/qradar/bin/install-ssl-cert.sh
Path to Public Key File (SSLCertificateFile): /tmp/cert.cer
Path to Private Key File (SSLCertificateKeyFile): /tmp/key.key
You have specified the following:
SSLCertificateFile of /tmp/cert.crt
SSLCertificateKeyFile of /tmp/key.key
Re-configure Apache now (includes restart of httpd) (Y/[N])? Y
Backing up current SSL configuration ... (OK)
Installing user SSL certificate ... (OK)
Reloading httpd configuration:
- Restarting httpd service ... (FAILED)
[install-ssl-cert.sh] ERROR: Failed to restart httpd service
Restoring previous SSL configuration ... (OK)
Reloading httpd configuration:
(SKIPPED): httpd not running
[install-ssl-cert.sh] ERROR: Could not update SSL certificate - previous config restored
This failure leaves the HTTPd service in failed status and the GUI unavailable.
# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/httpd.service.d
└─qradar.conf
Active: failed (Result: exit-code) since Fri 2020-09-25 12:25:40 EDT; 20s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 22575 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 22571 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Process: 22332 ExecStartPre=/opt/qradar/systemd/bin/forensics_generate_mks_ghost.sh (code=exited, status=0/SUCCESS)
Main PID: 22571 (code=exited, status=1/FAILURE)
Sep 25 12:25:40 hostname httpd[22571]: [Fri Sep 25 12:25:40.846...
Sep 25 12:25:40 hostname httpd[22571]: [Fri Sep 25 12:25:40.847...
Sep 25 12:25:40 hostname httpd[22571]: [Fri Sep 25 12:25:40.847...
Sep 25 12:25:40 hostname httpd[22571]: [Fri Sep 25 12:25:40.847...
Sep 25 12:25:40 hostname systemd[1]: httpd.service: main proces...
Sep 25 12:25:40 hostname kill[22575]: kill: cannot find process ""
Sep 25 12:25:40 hostname systemd[1]: httpd.service: control pro...
Sep 25 12:25:40 hostname systemd[1]: Failed to start The Apache...
Sep 25 12:25:40 hostname systemd[1]: Unit httpd.service entered...
Sep 25 12:25:40 hostname systemd[1]: httpd.service failed
Document Location
Worldwide
[{"Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"}],"ARM Case Number":"TS004252708","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Version(s)"}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
17 June 2021
UID
ibm16362011