We're investigating an issue that presents itself in multi-ePolicy Orchestrator (multi-ePO) environments with bridged Data Exchange Layer (DXL) fabrics connecting multiple ePO servers. In this state, customers might encounter issues with generating certificates for newly installed or upgraded TIE 4.x servers.
This issue can present itself during the initial onboarding of servers, resulting in systems being stuck during the "Waiting for TIE server handshake" portion of the startup wizard.
Customers with this issue might notice the following file is 0 bytes in size:
/var/Trellix/tieserver/keystore/tie_server.p12
The following error might also be present in /var/Trellix/tieserver/logs/tieserver.log:
(SaveAsJksCommand.java:133) - Error generating keyStore or while setting the keyStore entry
java.security.KeyStoreException: Key protection algorithm not found: java.security.KeyStoreException: Certificate chain is not valid
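A quick way to check a TIE server for both symptoms, as an added example that is not part of the original article or the product. The paths and log strings are the ones quoted above; the function name tie_cert_symptoms and its return-code scheme are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check a TIE server for the two symptoms described above.
# Default paths are the ones quoted in the article; the function name and
# the return-code scheme are assumptions made for this example.

KEYSTORE_DEFAULT=/var/Trellix/tieserver/keystore/tie_server.p12
LOG_DEFAULT=/var/Trellix/tieserver/logs/tieserver.log

# Returns a bitmask: 1 = keystore exists but is 0 bytes,
#                    2 = log contains the keystore generation error,
#                    4 = a file is missing or unreadable (inconclusive).
tie_cert_symptoms() {
    keystore=${1:-$KEYSTORE_DEFAULT}
    log=${2:-$LOG_DEFAULT}
    status=0

    if [ ! -e "$keystore" ]; then
        echo "keystore missing: $keystore" >&2
        status=$((status | 4))
    elif [ ! -s "$keystore" ]; then
        # -s is true only for files larger than 0 bytes
        echo "SYMPTOM: keystore is 0 bytes: $keystore"
        status=$((status | 1))
    fi

    if [ ! -r "$log" ]; then
        echo "log not readable: $log" >&2
        status=$((status | 4))
    elif grep -F -q 'Error generating keyStore or while setting the keyStore entry' "$log" &&
         grep -F -q 'Certificate chain is not valid' "$log"; then
        echo "SYMPTOM: keystore generation error logged in $log:"
        # Show the most recent matching lines with their line numbers
        grep -F -n -e 'Error generating keyStore' \
            -e 'Certificate chain is not valid' "$log" | tail -n 4
        status=$((status | 2))
    fi

    return "$status"
}
```

Source the file on the TIE server and call tie_cert_symptoms with no arguments to use the default paths; a return value of 3 means both symptoms are present.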