Sensor Gateway health_check URL fails after certificate renew
search cancel

Sensor Gateway health_check URL fails after certificate renew

book

Article ID: 380593

calendar_today

Updated On:

Products

Carbon Black Cloud Workload Carbon Black Cloud Enterprise EDR Carbon Black Cloud Endpoint Standard

Issue/Introduction

Unable to access https://<server>/health_check after certificate renew.

Environment

  • Carbon Black SensorGateway: All supported versions
  • Linux OS: All supported versions

Resolution

Case 1: If unable to read file: /data/certs/sgw_certificate.pem error is observed in envoy-system.log

Solution: Change the ownership to sgwuser. Here are the chown command to change the ownership:

docker exec -it <container-id> /bin/bash
chown sgwuser:sgw /data/certs/sgw_certificate.pem
ls -ltr /data/certs/sgw_certificate.pem

After executing above commands restart the docker using command on host machine

sudo docker restart <container-id>

Note: <container-id> needs to be replaced appropriately with current sensor gateway container-id.

 

Case 2: If cause {{ Cause: error:09000068:PEM routines:OPENSSL_internal:BAD_PASSWORD_READ}} is observed in envoy-system.log

Solution: Remove the private key password and restart the docker.