IBM Support

QRadar: Keystore generation operation for the application framework failed.

Troubleshooting


Problem

Administrators receive a notification in the system notification menu related to a keystore generation failure:
"Failed to generate keystore ..."

Symptom

In the System Notification menu, the following error is displayed:
 
notification

Cause

After the QRadar version was updated, the system shows the error notification due to the keystore file was not created correctly or removed.

Diagnosing The Problem

Administrators run the following steps to confirm the keystore generation issue:
  1. Use SSH to log in to the QRadar Console as the root user.

  2. Validate the keystores by running the /opt/qradar/support/app_keystore_cert_validator.sh script:

    /opt/qradar/support/app_keystore_cert_validator.sh

    Output example (version 7.4.3 to 7.5.0 UP7) : 

    Performing certificate validation on certificate(s) in application framework keystore(s), please wait...
Checking certificate is valid in key store /etc/tomcat/tls/conman/tomcat_client_conman.p12
Verify certificate is valid ... YES
Checking certificate is valid in key store /etc/docker/tls/registry/docker-client-registry.p12
Verify certificate is valid ... NO
Failure reason: The certificate has expired.
Checking certificate is valid in key store /etc/tomcat/tls/traefik/tomcat_client_traefik.p12
Verify certificate is valid ... YES

    Output example (version 7.5.0 UP8+ and above) :

    Performing certificate validation on certificate(s) in application framework keystore(s), please wait...
Checking certificate is valid in key store /etc/tomcat/tls/conman/tomcat_client_conman.p12
Verify certificate is valid ... YES
Checking certificate is valid in key store /etc/podman/tls/registry/podman-client-registry.p12
Verify certificate is valid ... NO
Failure reason: The certificate has expired.
Checking certificate is valid in key store /etc/tomcat/tls/traefik/tomcat_client_traefik.p12
Verify certificate is valid ... YES

    Result
    Administrators have verified the keystores. If this message is present in the output "Verify certificate is valid ... NO" check the Resolving The Problem section for the next steps.

Resolving The Problem

Administrators run the following steps to regenerate broken keystores.
  1. Use SSH to log in to the QRadar Console as the root user.

  2. Regenerate the keystores by running the /opt/qradar/support/app_keystore_generator.sh script:

    /opt/qradar/support/app_keystore_generator.sh

  3. Validate the keystores by running the /opt/qradar/support/app_keystore_cert_validator.sh script:

    /opt/qradar/support/app_keystore_cert_validator.sh

     

    Output example (version 7.4.3 to 7.5.0 UP7) :

    Performing certificate validation on certificate(s) in application framework keystore(s), please wait...
Checking certificate is valid in key store /etc/tomcat/tls/conman/tomcat_client_conman.p12
Verify certificate is valid ... YES
Checking certificate is valid in key store /etc/docker/tls/registry/docker-client-registry.p12
Verify certificate is valid ... YES
Checking certificate is valid in key store /etc/tomcat/tls/traefik/tomcat_client_traefik.p12
Verify certificate is valid ... YES
     

    Output example (version 7.5.0 UP8+ and above) :

    Performing certificate validation on certificate(s) in application framework keystore(s), please wait...
Checking certificate is valid in key store /etc/tomcat/tls/conman/tomcat_client_conman.p12
Verify certificate is valid ... YES
Checking certificate is valid in key store /etc/podman/tls/registry/podman-client-registry.p12
Verify certificate is valid ... YES
Failure reason: The certificate has expired.
Checking certificate is valid in key store /etc/tomcat/tls/traefik/tomcat_client_traefik.p12
Verify certificate is valid ... YES
    Result
    The administrator has successfully regenerated the keystores. If the issue persists, contact QRadar Support for assistance.
 

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwt3AAA","label":"QRadar Apps"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.4.3;and future releases"}]

Document Information

Modified date:
02 May 2024

UID

ibm16829579

Page Feedback