NetWorker: Windows NMC Server Fails to Start GSTD Service after Replacing Certificates

Summary: The NetWorker Management Console (NMC) server deploys with a self-signed certificate. The self-signed certificate was replaced with a CA signed server certificate. After replacing the certificate on a Windows NMC server, the server's GSTD service fails to start, reporting "gstd NSR warning Error getting certificate and private key for SSL" ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

A Windows NetWorker Management Console (NMC) server was modified to use a CA signed server certificate instead of the default self-signed certificate.

The NMC GSTD service fails to start with the following error reported in the C:\Program Files\EMC NetWorker\Management\GST\logs\gstd.rawNetWorker: How to use nsr_render_log to render .raw log files

31581 8/6/2025 9:47:37 AM  2 0 0 2044 10296 0 win-srvr01.networker.lan gstd NSR warning *** gstd starting at Wed Aug 06 09:47:37 2025
0 8/6/2025 9:47:37 AM  1 5 0 2044 10296 0 win-srvr01.networker.lan gstd NSR notice @(#) Product:      NetWorker
0 8/6/2025 9:47:37 AM  1 5 0 2044 10296 0 win-srvr01.networker.lan gstd NSR notice @(#) Release:      19.9.0.1.Build.29
0 8/6/2025 9:47:37 AM  1 5 0 2044 10296 0 win-srvr01.networker.lan gstd NSR notice @(#) Build number: 29
0 8/6/2025 9:47:37 AM  1 5 0 2044 10296 0 win-srvr01.networker.lan gstd NSR notice @(#) Build date:   Sun May 28 23:51:46 PDT 2023
0 8/6/2025 9:47:37 AM  1 5 0 2044 10296 0 win-srvr01.networker.lan gstd NSR notice Build arch.:  ntx64
0 8/6/2025 9:47:37 AM  1 5 0 2044 10296 0 win-srvr01.networker.lan gstd NSR notice @(#) Build info:   DBG=0,OPT=
57789 8/6/2025 9:47:37 AM  2 0 0 2044 10296 0 win-srvr01.networker.lan gstd NSR warning Error getting certificate and private key for SSL
19154 8/6/2025 9:47:37 AM  2 0 0 2044 10296 0 win-srvr01.networker.lan gstd NSR warning gstd: gt_server: library error 0 os error

The correct version of OpenSSL for the NMC version was used: NetWorker: NMC GST service starts then immediately shuts down after replacing cakey.pem

Cause

Encoding issue of the cakey.pem file.

The cakey.pem file was created using PowerShell. The default Out-File format is UTF-16 LE. The file is not read correctly during GSTD service start up, causing the failure.

Resolution

When creating the cakey.pem file using PowerShell, enforce ASCII encoding. Example:

Get-Content C:\tmp\server.key.pem, C:\tmp\server.crt.pem | Out-File C:\tmp\cakey.pem -Encoding ascii

For more information, see: NetWorker: How to Import or Replace Certificate Authority Signed Certificates for NMC

Affected Products

NetWorker

Products

NetWorker Family
Article Properties
Article Number: 000355910
Article Type: Solution
Last Modified: 18 Sept 2025
Version:  2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.