FortiSIEM Discussions
Merzeq_R
New Contributor

FortiSIEM SSL Certificate Issue

Hello,

I have a FortiSIEM setup with a supervisor, worker, and collector. I encountered an issue while deploying an SSL certificate to replace the default Fortinet certificate. I have three certificate files: server.pem, key.pem, and trustrootCa.crt. I initially deployed these certificates in /etc/httpd/conf.d/ssl.conf as follows:

  1. SSLCertificateFile /etc/httpd/conf.d/server.pem
  2. SSLCertificateChainFile /etc/httpd/conf.d/trustrootCa.crt
  3. SSLCertificateFile /etc/httpd/conf.d/key.pem
  4. The TrustRootCA was transferred to the worker and collector and imported into the ca-bundle.crt to be trusted. This was done by running the command update-ca-trust extract.

The SSL certificate was deployed on all servers using this configuration. When running curl -vv https://FQDN from the collector to the supervisor, SSL verification was successful.

However, the issue arose when the worker's phParser process and the collector process went down. After troubleshooting, the following error was found on the worker, supervisor, and collector:

 

- 2024-07-10T01:00:02.532543+03:00 fortiworker phDataManager[8988]: ACE_SSL (8988|9528) ecode: 336151568 - error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
- 2024-07-10T01:00:02.532618+03:00 fortiworker phDataManager[8988]: ACE_SSL (8988|9528) ecode: 336462231 - 140E0197:SSL routines:SSL_shutdown:shutdown while in init.

I urgently need assistance to resolve this SSL certificate deployment issue.

MR
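
An added example, not part of the thread and not Fortinet's procedure: a shell check that reports whether each certificate directive in an ssl.conf points at a file of the PEM type that directive expects, run on a constructed sample that reuses the file names from the post. The function names (`pem_kind`, `lint_ssl_conf`, `demo`) and the placeholder PEM bodies are assumptions made for the example.

```bash
# Added example (not from the thread): lint the certificate directives in an ssl.conf.

# Classify a file by its first PEM header: certificate, private-key or unknown.
pem_kind() {
  local hdr
  hdr=$(grep -m1 '^-----BEGIN ' "$1" 2>/dev/null | tr -d '\r')
  case "$hdr" in
    *'PRIVATE KEY-----') echo private-key ;;
    *'CERTIFICATE-----') echo certificate ;;
    *) echo unknown ;;
  esac
}

# Compare what each mod_ssl directive expects with what its file holds.
lint_ssl_conf() {
  local conf="$1" directive path want got rc=0 keys=0
  while read -r directive path _; do
    case "$directive" in
      SSLCertificateFile|SSLCertificateChainFile) want=certificate ;;
      SSLCertificateKeyFile) want=private-key; keys=$((keys + 1)) ;;
      *) continue ;;
    esac
    path=${path#\"}; path=${path%\"}          # drop optional quotes
    got=$(pem_kind "$path")
    if [ "$got" = "$want" ]; then
      echo "OK       $directive $path ($got)"
    else
      echo "MISMATCH $directive $path (expected $want, found $got)"; rc=1
    fi
  done < "$conf"
  [ "$keys" -gt 0 ] || echo "NOTE     no SSLCertificateKeyFile directive in $conf"
  return $rc
}

# Constructed sample: file names as in the post, PEM bodies are placeholders.
demo() {
  local d rc=0
  d=$(mktemp -d)
  printf '%s\n' '-----BEGIN CERTIFICATE-----' '(constructed)' '-----END CERTIFICATE-----' \
    | tee "$d/server.pem" > "$d/trustrootCa.crt"
  printf '%s\n' '-----BEGIN PRIVATE KEY-----' '(constructed)' '-----END PRIVATE KEY-----' > "$d/key.pem"
  printf '%s\n' "SSLCertificateFile $d/server.pem" "SSLCertificateChainFile $d/trustrootCa.crt" \
    "SSLCertificateFile $d/key.pem" > "$d/ssl.conf"
  lint_ssl_conf "$d/ssl.conf" || rc=$?
  rm -rf "$d"
  return $rc
}

if [ -n "${1:-}" ]; then lint_ssl_conf "$1"; else demo || true; fi
```

Passing a path as the first argument lints that file instead of the constructed sample; only the first PEM header in each referenced file is inspected.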
Secusaurus
Contributor II

Hello @Merzeq_R,

 

Did you follow the guide https://docs.fortinet.com/document/fortisiem/7.1.7/configuring-ca-certificates/226157

 

If yes, and it is an urgent matter, please contact the TAC (via phone).

 

Something I'd like to note is that, in my experience, certificates might be overwritten after an update. Keep this in mind and have a look at that when upgrading.

 

Best,

Christian

FCP & FCSS Security Operations | Fortinet Advanced Partner
Merzeq_R

Hello Secusaurus,

Yes, I followed this guide, but the issue still exists.

MR