000026837 - How to enable SSL communications in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.

Article Content

Article Number: 000026837
Applies To: RSA Security Analytics; SSL
Issue: How to enable SSL communications in RSA Security Analytics
How do I enable SSL on SA components?
How do I enable SSL communications between the SA head unit and the rest of the components?
Resolution

Summary: You can enable SSL on SA components to secure communications between SA and its components (Concentrator, Decoder, etc.). There are two main types of service on which you can enable SSL: the appliance service and the component service (also known as the "REST service" or the "Service").


 Section 1: Enable SSL on the appliance service


The appliance service is used to perform general maintenance of the appliance, e.g. collecting log files, setting the NTP server, etc. It listens on port 50106, and you can check that it is communicating properly by looking at device -> system -> "Appliance Service Information". To enable SSL on the appliance service:


1. From administration, select device -> config.

2. Go to the "Appliance Service Configuration" tab.

3. Set "SSL" to "on". Then click "Apply".

4. Under device, go to "System".

5. Select "Shutdown Appliance Service". Enter a message as desired.

6. Under device, go to "Config".

7. In the "General" tab, change "SSL" to "On". Then click "Apply".


 


Section 2: Enable SSL on the component service (also known as the "REST service" or the "Service")


The REST service is used to manage the rest of the communications, including transmitting data, setting all other configuration, etc. Each of the SA components has its own REST ports. The typical ones are:

  • Decoder (50004/50104)

  • LogDecoder (50002/50102)

  • Concentrator (50005/50105)

  • Broker (50003/50103)


To enable SSL on the REST Service:


8. Under device, go to "System". You can ignore the message "Device not available" for now.

9. Click "Shutdown Service".

10. Enter a message as desired.

11. Wait for 5 minutes, or log in to the SA component (in my case, the decoder) and run the command: tail -f /var/log/messages. Then watch for a message showing that the REST service is SSL enabled.

Note: You can ignore the "SSL handshake failed on port 50106" error for now.

12. Go back to administration -> device.

13. Select the device -> edit.

14. Check "SSL", enter the "Password" and click "Test Connection". Save it once you get a "Test Connection successful" message.


 


You have now enabled SSL communication between SA and the component. You can now go back to the device -> system to see all the information.
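To confirm from an admin workstation which of the ports listed in this article actually complete a TLS handshake after the change, the following added example (not RSA code, not part of the original article) probes each one. The names probe_tls, check_host and the script name probe_sa_ssl.py are hypothetical, and the port list is copied from this article, which does not say which port of each pair is the SSL one.

```python
import socket
import ssl
import sys

# Ports named in the article. It does not say which port of each pair is the
# SSL one, so every listed port is probed and reported individually.
ARTICLE_PORTS = {
    "appliance service": [50106],
    "Decoder": [50004, 50104],
    "LogDecoder": [50002, 50102],
    "Concentrator": [50005, 50105],
    "Broker": [50003, 50103],
}

def probe_tls(host, port, timeout=3.0):
    """Return (state, detail); state is 'tls', 'no-tls' or 'unreachable'."""
    # Certificate checks are off on purpose: the question here is only whether
    # the listener completes a TLS handshake, not whether its cert is trusted.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "unreachable", str(exc)
    try:
        with ctx.wrap_socket(raw) as tls:
            return "tls", tls.version()
    except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
        # Also reached when the peer offers only protocol versions the local
        # OpenSSL build refuses; the detail string carries the OpenSSL error.
        return "no-tls", str(exc)
    finally:
        raw.close()

def check_host(host, ports=ARTICLE_PORTS, timeout=3.0):
    """Probe every listed port on one host; returns {(name, port): result}."""
    return {(name, p): probe_tls(host, p, timeout)
            for name, plist in ports.items() for p in plist}

if __name__ == "__main__":
    # Usage: python probe_sa_ssl.py <component-hostname>
    for (name, p), (state, detail) in check_host(sys.argv[1]).items():
        print(f"{name:18} {p:5}  {state:11} {detail}")
```

A "tls" result only shows that the listener negotiates TLS; the "Test Connection" step above remains the check that SA itself can authenticate to the component over SSL.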


 


If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.

Legacy Article ID: a64790
