000033065 - Unable to execute IPDB Reports because certificate validation fails in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Jul 9, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000033065
Applies ToRSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: IPDB Extractor, Reporting Engine
RSA Version/Condition: 10.4.x, 10.5.x, 10.6.x
Platform: CentOS
IssueUnable to execute IPDB Reports during SSL handshake because certificate validation fails.
CauseIn SSL mode, the IPDB Extractor presents the certificate for validation to the Reporting Engine during SSL Handshake and carlos certificate which is used in SSL mode got expired.
ResolutionIf IPDBEXTRACTOR setup is in SSL mode, then set the SSL mode to false (i.e non-SSL).

To do so, follow the steps below.
  1. Login to the REST API of the IPDB Extractor and navigate to the Configuration settings.

    http://<IPDBEXTRACTOR IP>:50125/ipdbextractor/config

  2. Set the parameter SSL (transport.ssl) to false.
  3. Connect to the appliance via SSH as the root user and restart nwipdbextractor service.
  4. Log into the Security Analytics UI and Navigate to Administration -> Services -> Reporting Engine -> Config -> Source.
  5. Delete the existing IPDB data source and then re-add the IPDB Data Source.
  6. Add the rule and run the report.

The report should now run successfully.  If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.