Issues with Service Gateway appliance running for more than a year without updates or restart

Views:

If your Service Gateway appliance has been running for more than a year without updates or restarting the appliance, the appliance might start to show abnormal behavior or status such as:

Unable to connect to TrendAI Vision One services
Status shows status unhealthy or service cannot work

These issues are caused by the Service Gateway internal certificate expiring. The certificate is renewed whenever you apply an update to the Service Gateway. To avoid the issue, make sure you regularly update your Service Gateway appliances. You can enable automatic updates in the Service Gateway settings. For more information, see Configure Service Gateway settings.

Note

If you have Service Gateway 2.0 appliances, automatic updates will not perform the upgrade from version 2.0 to 3.0. You must upgrade your appliances manually. For more information, see Upgrade from Service Gateway 2.0 to 3.0.

To resolve the certificate issue for a Service Gateway that has been running for more than a year without updates or restarting, use the following steps:

Procedure

Sign in to the Service Gateway with root permission.

Service Gateway does not normally allow root access. If you have not previously set up root access, you will need to create an ssh key pair.
1. Using a Linux or macOS machine, access terminal and use the following command to generate an ssh key:
  
  ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
2. View the generated id_rsa.pub file and copy the long key in the middle of the document.
  
  An example long key might look like the following:
  
  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDLHcZJ4PWKs0hvZYYLkXUwbeV5LdKmlR7eZFpRDa/9AeNb36vGodL3Ezo+3wGQ6tlDCM2UoonfU+Fkk8MhrCTqbJc2DDkhjXUOD+5HrRdDbfQtMTv6V3lMMk7U2w== your_email@example.com
3. Access the Service Gateway terminal using the admin account.
4. Run the enable command to enable administrative commands.
5. Add the key to the Service Gateway.
  
  Use the command configure verify cli support "ssh_long_key" where "ssh_long_key" is your generated key without the quotes.
6. On the machine you generated the key, run the command:
  
  ssh sgowner@ip_of_service_gateway -i /Users/username/.ssh/id_rsa
  
  Where sgowner is the account you want to use for root access. Make sure to replace username in the ssh filepath with the appropriate user name.
7. Access the Service Gateway using the sgowner account.
8. To access root privileges, use the command:
  
  sudo su -
Run the command:

microk8s refresh-certs --cert server.crt
Run the command:

microk8s stop; microk8s start
After you have refreshed the certificate, update your Service Gateway and enable automatic updates to keep your appliances up to date with the latest features and fixes.