SmartSense SSL troubleshooting
SmartSense components use SSL for protecting communications between the HST server and agents, and between the HST server and SmartSense gateway. If installation issues arise, you can reset these SSL certificates.
HST Server
1. To reset the HST server SSL certificate database, which forces all HST agents to regenerate their certificates, use the hst reset command:
# hst reset
Resetting SmartSense Server will remove server and all registered agent certificates and reset the certificate database. Do you want to continue? [y/n] (default: n): y
SmartSense Server is currently running and needs to be stopped in order to reset. Do you want to stop the SmartSense Server? [y/n] (default: n): y
SmartSense Server stopped
SmartSense Server reset completed.
Do you want to restart SmartSense Server? [y/n] (default: y): y
Server PID at: /var/run/hst/hst-server.pid
Server out at: /var/log/hst/hst-server.out
Server log at: /var/log/hst/hst-serer.log
Waiting for server start . . . . . . .
2. Next, you must manually reset each individual HST agent after running this command. For instructions on how to reset the agents, see the following HST Agent section.
HST agent
-
An individual agent is having issues related to SSL when communicating with the HST server.
-
You have just reset the HST server SSL certificate database (see the HST Server section above). In this case, you must perform these steps on each individual HST agent.
1. Use the hst reset-agent command to remove all certificates registered with the HST server for the specific agent.
# hst reset-agent
Resetting SmartSense Agent will remove all certificates registered with SmartSense server. Do you want to continue? [y/n] (default: n): y
SmartSense Agent reset completed.
# hst setup-agent -q
SmartSense gateway
If HST server is having issues related to SSL when communicating with the SmartSense gateway, you can use the hst gateway reset to remove all HST server certificates registered with the specific gateway.
# hst gateway reset
Resetting SmartSense Gateway will remove all certificates and reset the certificate database. Do you want to continue? [y/n] (default: n): y
SmartSense Gateway stopped
SmartSense Gateway reset completed.
Gateway has to be started to create new certificates. Do you want to start the Gateway? [y/n] (default: y): y
SmartSense Gateway PID at: /var/run/hst/hst-gateway.pid
SmartSense Gateway out at: /var/log/hst/hst-gateway.out
SmartSense Gateway log at: /var/log/hst/hst-gateway.log
Waiting for Gateway start . . . . . . . . . .
SmartSense Gateway started.