We are investigating an issue that presents itself in multi-ePO environments with bridged DXL fabrics connecting multiple ePO servers. In this state, customers might encounter issues with generating certificates for newly installed or upgraded TIE 4.x servers.
This issue can present itself during initial onboarding of servers, which results in systems being stuck during the "Waiting for TIE server handshake" portion of the startup wizard.
Customers with this issue might notice the following file is 0 bytes in size:
/var/Trellix/tieserver/keystore/tie_server.p12
The following error might also be present in /var/Trellix/tieserver/logs/tieserver.log:
(SaveAsJksCommand.java:133) - Error generating keyStore or while setting the keyStore entry
java.security.KeyStoreException: Key protection algorithm not found: java.security.KeyStoreException: Certificate chain is not valid
