Article Number | 000035771 |
Applies To | RSA Product Set: NetWitness Logs & Packets, Security Analytics RSA Product/Service Type: Log Collector, User Interface, Identity Feed RSA Version/Condition: 10.6.x, 11.x Platform: CentOS O/S Version: EL6 |
Issue | When setting up identity feed with Log Collector using HTTPS and using the hostname or IP address of the Log Collector service, the identity feed is not working due to a certificate validation failure.
The error message below is found in the /var/lib/netwitness/uax/logs/sa.log file.
javax.net.ssl.SSLException: hostname in certificate didn't match: <hostname> != <puppet_node_id>
|
Resolution | Works as designed. |
Workaround | There are currently two approaches to work around this:
- Import log collector cert as documented in the Product Documentation
- Change the URL of Log Collector to use the node_id and add static mapping of node_id to IP in /etc/hosts of SA server (as shown below)
Perform the following steps for the second approach above:
- Connect to the Security Analytics server appliance via SSH as the root user.
- Navigate to /etc/hosts/ and map the node_id of the host to the appliance IP address.
- In the RSA Security Analytics UI, select Live > Feeds.
- In the Feeds view, click Add.
- In the Setup Feed dialog, select Identity Feed and click Next.
- In the Define Feed tab, select Recurring.
- In the URL field, enter the node_id of the host as the hostname.
For example, use <node_id> of 1n702df2-5891-4e9g-9323-4f492a8556fd instead of <ip_address> 10.11.12.13. - In the Select Services form, select the Services on which feed is to be deployed and click Next.
- In the Review form, review feed information and if correct, click Finish.
|
Notes | Normal instructions for setting up Identity Feed can be found in the product documentation. |