Troubleshooting Tip: FortiSOAR Postgres and Nginx certificate expired for Custom SSL Certificate
Description
This article provides solutions for FortiSOAR Postgres and Nginx certificates expired.
Scope
FortiSOAR.
Solution
FortiSOAR utilizes self-signed certificates to communicate internally with Postgres and Nginx and it will be expired. If users are using the default configuration, it can be renewed as mentioned in this KB article:Technical Tip: Unable to log onto FortiSOAR instances due to the expiration of the self-signed certificates
However, if users are using custom certificates for SSL in /etc/nginx/conf.d/nginx.conf and still facing the error below:
----
Node name: XXX
Postgres Certificate Expiring On XX Mar, 20XX
Nginx Certificate Expiring On XX Mar, 20XX
Identify the components reporting a failure and refer to the documentation Help > Administration Guide > Monitoring FortiSOAR section for more help on troubleshooting.
----
Users just need to run the command below:
# csadm certs --generate <your FSR hostname>
This command will renew the self-signed certificate in /etc/nginx/ssl:
-rw-r--r--. 1 root root 1533 Mar XX 20XX server.leaf.crt
-rw-r--r--. 1 root root 1184 Mar XX 20XX server.leaf.csr
-rw-r--r--. 1 root root 1704 Mar XX 20XX server.leaf.key
-rw-r--r--. 1 root root 3237 Mar XX 20XX server.leaf.pem
Hence, the custom certificate in /etc/nginx/conf.d/nginx.conf will remain and be renewed by the user when the custom certificate expires.
Note:
Take a snapshot before proceeding to avoid unnecessary risk.
Related document: