Article Content
Article Number | 000031713 |
Applies To | RSA Product Set: Archer, Security Management RSA Product/Service Type: Vulnerability Risk Manager (VRM) RSA Version/Condition: 1.1 SP1 |
Issue | If configuring a Nessus or Rapid 7 endpoint and you are using something other than Hostname for the CN between the Nesses/Rapid 7 certificate and the VRM host file and you receive the following error message in the Collector.log file: 03 Nov 2015 11:58:40,106 | DEBUG - TalendTasklet.executeJob(158) | getRapid7HostList: Releasing lock for job. 03 Nov 2015 11:58:40,106 | DEBUG - TalendJobUtil.connectToUrl(328) | Connecting to URL https://xxxxxxxxxxxxxxxxxxx:3780/api/1.1/xml without Proxy 03 Nov 2015 11:58:40,153 | ERROR - TalendJobUtil.getRapid7SessionID(274) | Failed to get Rapid7 session ID. Exiting the Talend Job sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 03 Nov 2015 11:58:40,168 | ERROR - GetRapid7HostList.tLogCatcher_1Process(2891) | Error occured processing GetRapid7HostList job. Message is java.lang.Exception:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 03 Nov 2015 11:58:40,168 | ERROR - TalendTasklet.execute(72) | getRapid7HostList: ERROR | Etl job failed with return code: 1 03 Nov 2015 11:58:40,168 | DEBUG - FilePropertyManagerImpl.setProperty(29) | Setting property rapid7.NARCALA_INT.getRapid7HostList.lastStatus to ERROR |
Resolution | Set the "sslHostNameVerification" to false in the listed configuration files:
|
Notes | By default the endpoints are expecting a hostname-based CN between Nesses/Rapid7 and the Host file. |