Reset Search
 

 
Article

KB43773 - After upgrading to Pulse One 1743.1 (On-Premise), administrator web console is no longer accessible and prompt for "Enter PEM passphrase" appears

Printable View
« Go Back

Information

 
Last Modified Date12/20/2018 4:35 PM
Synopsis
This article describes an issue where the Pulse One (On-Premise) administrator web console is no longer accessible after upgrade to 1743.1 and above.
Problem or Goal
After reboot or restart of the Pulse One device, the following log message will appear from the serial console when running "services log proxy" command: 
proxy_1 | nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/certs/ssl_certificate.key") failed 
(SSL: error:0906406D:PEM routines:PEM_def_callback:problems getting password error:0906A068:
PEM routines:PEM_do_header:bad password read error:140B0009:SSL routines:
SSL_CTX_use_PrivateKey_file:PEM lib)
proxy_1 | Enter PEM pass phrase:
Additionally, the proxy process will remain in "Restarting" status when running "services status" command in the serial console. 
log-collector   Up
log-indexer     Up
proxy           Restarting
pws-api         Up

 
Cause
This issue occurs when the proxy process start and unable to validate the private key password. In previous Pulse One releases, additional validation checks were built to help avoid a mismatch between the public / private key pair.
Solution
To resolve this problem, perform the following steps:

Note: Private / public key pair may be generate in multiple ways, but the following examples are using openssl
  1. Generate a private key using the following command:
openssl genrsa -des3 -out private.pem 2048
  1. When requested for a pass phrase, hit the Enter key
  2. Open the file (i.e. private.pem) with a text editor and copy the content
  3. Login to the Pulse One serial console
  4. Enter the command to import the private key:
https set key
  1. A message will appear requesting to overwrite the private key, enter 'Y'
Overwriting private key will invalidate and delete current certificate.
Overwrite existing key? [y/N]: Y
  1. Paste the content from private key in the serial console
  2. Once import is successful, enter the following command to create a new csr:
https csr --with-text
  1. Complete the CSR template form and CSR content will be outputted on the screen. Copy all content starting with "-----BEGIN CERTIFICATE REQUEST-----" and ending with "-----END CERTIFICATE REQUEST-----"
-----BEGIN CERTIFICATE REQUEST-----
MIICtjCCAZ4CAQAwcTELMAkGA1UEBhMCVVMxHzAdBgNVBAMMFnAxLmdlYy5sYWIu
.....
0mpqEIon3zhkoFGjZXLEmT19FVsdBFbeqAY=
-----END CERTIFICATE REQUEST-----
  1. Provide the following information to your certificate authority to issue a public key
  2. Once the public key is issued, copy the PEM or Base64 content
  3. From the Pulse One serial console, enter the following command:
https set cert
  1. Paste the content of the public key
  2. Once completed, run the command to restart services
services restart
Related Links
Attachment 1 
Created ByK. Kitajima

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255