000026837 - How to enable SSL communications in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000026837
Applies To: RSA Security Analytics
Issue: How to enable SSL communications in RSA Security Analytics
How do I enable SSL on SA components?
How do I enable SSL communications between the SA head unit and the rest of the components?

Summary: You can enable SSL on SA components to secure communications between SA and its components (concentrator, decoder, etc.). There are two main types of service on which you can enable SSL: the appliance service and the component service (also known as the "REST service" or the "Service").

 Section 1: Enable SSL on the appliance service

The appliance service is used to perform general maintenance of the appliance, e.g. collecting log files, setting the NTP server, etc. It listens on port 50106, and you can check that it is communicating properly by looking at device -> system -> "Appliance Service Information". To enable SSL on the appliance service:

1. From administration, select device -> config.

2. Go to the "Appliance Service Configuration" tab.

3. Set "SSL" to "on". Then click "Apply".

4. Under device, go to "System".

5. Select "Shutdown Appliance Service". Enter a message as desired.

6. Under device, go to "Config".

7. In the "General" tab, change "SSL" to "On". Then click "Apply".


Section 2: Enable SSL on the component service (also known as the "REST service" or the "Service")

The REST service is used to manage the rest of the communications, including transmitting data, setting all other configuration, etc. Each SA component has its own REST ports. The typical ones are:

• Decoder (50004/50104)

• LogDecoder (50002/50102)

• Concentrator (50005/50105)

• Broker (50003/50103)

To enable SSL on the REST Service:

8. Under device, go to "System". You can ignore the message "Device not available" for now.

9. Click "Shutdown Service".

10. Enter a message as desired.

11. Wait for 5 minutes, or log in to the SA component (in my case, the decoder) and run the command: tail -f /var/log/messages. Then watch for a message showing that the REST service is SSL enabled.

Note: You can ignore the "SSL handshake failed on port 50106" error for now.

12. Go back to administration -> device.

13. Select the device -> edit.

14. Check "SSL", enter the "Password" and click "Test Connection". Save it once you get a "Test Connection successful" message.


You have now enabled SSL communication between SA and the component. You can now go back to the device -> system to see all the information.
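
To confirm from another host which of the ports listed in this article now complete a TLS handshake, a check along the following lines can be used. This is an added example, not RSA code; the function names and status labels are assumptions made for illustration, and certificate validation is deliberately skipped because the check only answers whether SSL is switched on.

```python
import socket
import ssl
import sys

# Ports as listed in the article: appliance service, then each component's ports.
SA_PORTS = {
    "appliance service": (50106,),
    "decoder": (50004, 50104),
    "logdecoder": (50002, 50102),
    "concentrator": (50005, 50105),
    "broker": (50003, 50103),
}


def probe_tls(host, port, timeout=3.0):
    """Return (status, detail); status is 'tls', 'handshake_failed' or 'closed'."""
    # Validation is off on purpose: the only question here is whether the
    # listener completes a TLS handshake, not whether its certificate is trusted.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("closed", str(exc))
    try:
        with ctx.wrap_socket(raw) as tls:
            return ("tls", tls.version())
    except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
        # Plaintext listener, or one offering only protocols this client refuses.
        return ("handshake_failed", str(exc))
    finally:
        raw.close()


def scan(host, timeout=3.0):
    """Probe every port in SA_PORTS on one host; returns {(service, port): result}."""
    return {
        (service, port): probe_tls(host, port, timeout)
        for service, ports in SA_PORTS.items()
        for port in ports
    }


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for (service, port), (status, detail) in scan(target).items():
        print(f"{service:18} {port:<6} {status:17} {detail}")
```

A "handshake_failed" result on a port where SSL was just enabled is worth comparing against /var/log/messages on the component, since it can also mean the service has not finished restarting.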


If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.

Legacy Article ID: a64790