How to reconfigure the Threat Intelligence Exchange Server after ePolicy Orchestrator 5.9 or 5.10 certificate migration (SHA-1 to SHA-2)
Technical Articles ID: KB88491
Last Modified: 2/3/2020
Environment
McAfee Threat Intelligence Exchange (TIE) Server 3.x, 2.x
Summary
This article guides you through the process needed to reconfigure the TIE Server after you complete the certificate regeneration process in ePolicy Orchestrator (ePO) 5.9.
This certificate reconfiguration resolves errors such as:
- The TIE dashboards display the message: This monitor can’t be displayed due to an unrecoverable error.
- The TIE Reputations page displays the message: An unexpected error occurred.
- The DXL connectivity status of a TIE server system shows as Not connected.
Prerequisites
Before you begin the process described in this article, make sure that:
- There is full connectivity in the DXL fabric:
  - On the Data Exchange Layer Fabric page, click Refresh. All brokers must be listed in green.
  - Click Menu, Server Settings, DXL Topology. Verify that any hubs and bridges between DXL fabrics show as connected.
  - Verify that the DXL Client for ePO Connection Status shows as Connected in Server Settings.
  For troubleshooting DXL Broker upgrades or installation, see the DXL product documentation for your version.
- You have installed the TIE Server management extension package for your current TIE Server version.
  The package is a .zip file called TIEServerMgmt*_Build_*_Package_*(ENU-LICENSED-RELEASE-Main).zip, where * corresponds to your TIE Server version.
  If you need the extension package file again, download it from the Product Downloads site. After the download, check in the file to the Master Repository in ePO.
Reconfiguration Process
Perform the following steps on each ePO Server that manages TIE Servers:
- Back up your TIE Server Policies:
  - In the ePO console, select Menu, Policy Catalog, and select McAfee Threat Intelligence Exchange Server Management.
  - Download the XML policies file: click Export next to Product Policies.
- Back up your TIE Server settings:
  - In the ePO console, select Menu, Server Settings, Threat Intelligence Exchange Server.
  - Click Edit.
  - Make a note of your VirusTotal Public/Private key and enabled file types.
- Remove the TIE Server management extension:
  - In the ePO console, select Menu, Extensions, McAfee TIE Server.
  - Click Remove.
  - Click OK and confirm removal.
- Install the TIE Server management extension:
  - In the ePO console, select Menu, Extensions.
  - Click Install Extension.
  - Choose the TIEServerMgmt .zip file that corresponds to your installed version of TIE Server.
  - Click OK and complete the installation.
- Restore your TIE Server policies:
  - In the ePO console, select Menu, Policy Catalog.
  - Click Import.
  - Choose the XML policies file that you generated previously.
  - Click OK and confirm the import and override.
  - Edit the TIE Server policies assignment as needed.
- Restore your TIE Server settings:
  - In the ePO console, select Menu, Server Settings, Threat Intelligence Exchange Server.
  - Click Edit.
  - Enter your VirusTotal Public/Private key and enabled file types.
- Select Menu, Server Tasks, and run the following tasks:
  - Manage DXL Broker
  - Send DXL State Event
  - Apply TIESERVER Tags to TIE Servers
  - TIE Server Synchronize CA
  - TIE Server Synchronize Topology
After you make sure that the previous steps have been completed on each ePO Server, perform the following steps on each TIE Server appliance:
- Log on to each TIE Server appliance using SSH and run the following command:
  su
  You are prompted to type the root password.
- Delete the pre-existing keystore from the appliance:
  IMPORTANT: If you have an ATD certificate, it is not regenerated. You must back up the ATD certificate and reuse it. For more information, see KB87692.
  After you back up the ATD certificate, use the following command to delete the pre-existing keystore manually:
  rm -v /var/McAfee/tieserver/keystore/*
  The paths of the files that were removed from the keystore directory are displayed.
- Run the following command:
  reconfig-cert
  The execution is successful when the "INFO Finished reconfig-cert execution" message is displayed.
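The rm step above cannot be undone and the keystore directory holds key material, so one precaution is to archive the directory and verify the copy before deleting anything. The script below is an added example, not part of the vendor article and not the ATD certificate procedure from KB87692. The function name backup_keystore and the backup location /root/tie-keystore-backup are assumptions, as is the availability of tar and sha256sum on the appliance.

```shell
#!/bin/sh
# Added example (not vendor code): archive a keystore directory and verify the copy.
# KEYSTORE_DIR is the path given in this article; BACKUP_DIR is an assumed location.
KEYSTORE_DIR="${KEYSTORE_DIR:-/var/McAfee/tieserver/keystore}"
BACKUP_DIR="${BACKUP_DIR:-/root/tie-keystore-backup}"

# backup_keystore SRC DEST: prints the archive path on success, returns 1 on failure.
backup_keystore() {
    src="$1"; dest="$2"
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    # Refuse to continue when there is nothing to back up.
    [ -n "$(find "$src" -type f -print | head -n 1)" ] ||
        { echo "no files in $src" >&2; return 1; }

    # The keystore holds private key material: make the copy owner-only.
    old_umask=$(umask); umask 077
    mkdir -p "$dest" || { umask "$old_umask"; return 1; }
    archive="$dest/keystore-$(date +%Y%m%d-%H%M%S).tar.gz"
    rc=0; tar -C "$src" -czf "$archive" . || rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || { echo "tar failed for $src" >&2; return 1; }

    # Verify: each file must hash identically when read back from the archive.
    ( cd "$src" && find . -type f -print ) | while IFS= read -r f; do
        want=$(sha256sum < "$src/$f" | cut -d' ' -f1)
        got=$(tar -xzOf "$archive" "$f" | sha256sum | cut -d' ' -f1)
        [ "$want" = "$got" ] || { echo "mismatch in archive: $f" >&2; exit 1; }
    done || return 1

    echo "$archive"
}

# Run as root on the appliance with:  sh backup-keystore.sh --run
if [ "${1:-}" = "--run" ]; then
    backup_keystore "$KEYSTORE_DIR" "$BACKUP_DIR"
fi
```

Continue with the rm command only after the script prints an archive path and exits with status 0.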