Replacing the Default Certificate in JSA Generates Invalid PEM Errors
Replacing the default certificate in JSA causes the ConfigurationServer.PEM file to change, affecting all
WinCollect agents in the deployment. To fix this issue, you must replace
the ConfigurationServer.PEM file on the
Windows host.
WinCollect agents receive rejection messages because the incorrect certificate is passed when the agents attempt to communicate with the updated JSA appliance. The following error message appears in the logs:
May 17 17:06:31 ::ffff:IP ADDRESS [ecs-ec] [WinCollectConfigHandler_4] com.q1labs.sem.semsources. wincollectconfigserver.WinCollectConfigHandler: [ERROR] [NOT:0000003000] [192.0.2.0/- -] [-/- -]Agent with ip: IP ADDRESS tried to connect with an invalid PEM
The IP address of the agent that is attempting to communicate
is displayed. The WinCollect agent also sends LEEF Syslog messages
to inform the administrator of the communication issue due to the
invalid certificate. To fix this issue, you must replace the ConfigurationServer.PEM file on the Windows host.
This action must be completed by a Windows administrator or a user that has privileges to delete files from the remote Windows host.
Open a remote desktop connection to the WinCollect Agent that is unable to communicate.
Click Start > Run.
Type
services.msc, then click OK.Stop the WinCollect service.
On the Windows host, navigate to the WinCollect configuration folder.
By default, the folder path is: C:\ProgramFiles\IBM\WinCollect\config
Delete
ConfigurationServer.PEM.From the Services window, start the WinCollect service.