000033065 - Unable to execute IPDB Reports because certificate validation fails in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000033065
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: IPDB Extractor, Reporting Engine
IssueUnable to execute IPDB Reports during SSL handshake because certificate validation fails.
CauseIn SSL mode, the IPDB Extractor presents the certificate for validation to the Reporting Engine during SSL Handshake and carlos certificate which is used in SSL mode got expired
ResolutionIf IPDBEXTRACTOR setup is in SSL mode, then set the SSL mode to false (i.e non-SSL).
To do so, follow the steps below.
  1. Login to the REST API of the IPDB Extractor and navigate to the Configuration settings.
    http://<IPDBEXTRACTOR IP>:50125/ipdbextractor/config

  2. Set the parameter SSL (transport.ssl) to false.
  3. Connect to the appliance via SSH as the root user and restart nwipdbextractor service.
  4. Log into the Security Analytics UI and Navigate to Administration -> Services -> Reporting Engine -> Config -> Source.
  5. Delete the existing IPDB data source and then re-add the IPDB Data Source.
  6. Add the rule and run the report.
The report should now run successfully.  If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.