Identity Feed not working
Originally Published: 2015-07-10
Article Number: 000055088
Applies To
RSA Product Set: Security Analytics
RSA Product/Service Type: SA Live
RSA Version/Condition: 10.4.1.1
Platform: CentOS
O/S Version: 6
Product Name: SA-S4H-AS
Product Description: Series4S HeadUnit-Anlytics Svr 10 User
Issue
We have our SIEM pulling logs from Active Directory and have set up an Identity feed. The Identity feed was working but has now stopped working. I cannot get the REST URL link to verify. I have read a couple of KB articles on the subject but cannot get it to work.
Cause
 
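The Security Analytics server log shows the feed request failing SSL hostname verification: the connection is made by IP address (10.111.5.122), but the certificate presented carries a different name (the UUID shown in the exception).

tailf /var/lib/netwitness/uax/logs/sa.log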
 
2015-07-10 19:49:13,436 [qtp1734878645-97779] WARN  org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/live/null] in DispatcherServlet with name 'mvc'
2015-07-10 19:49:13,455 [qtp1734878645-97778] ERROR com.rsa.smc.sa.core.service.DefaultHttpClientService - https://10.111.5.122:50101/event-processors/wawanesa_domain?msg=getFile&force-content-type=application/octet-stream&expiry=600
javax.net.ssl.SSLException: hostname in certificate didn't match: <10.111.5.122> != <67274c14-aa12-48e8-9002-e7486bc5be35>



 
Resolution
  1. Add IP and LogDecoder node_id to /etc/hosts
  2. Import SSL certificate into Security Analytics keystore:
# echo -n | openssl s_client -connect <HOST>:<PORT> | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/<SERVERNAME>.cert 

# keytool -importcert -alias <name an alias for the cert> -file <the cert file pathname> -keystore /etc/pki/java/cacerts

Note: keytool prompts for the keystore password. Use 'changeit'.

# jettysrv restart
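
Step 1 depends on pairing the right address with the right certificate name, and both appear in the SSLException line in sa.log. The following is an added example (not RSA tooling and not part of the original article) that extracts those pairs from a log and lists the ones a hosts file does not yet map; the function names are hypothetical and the sample input is constructed from the log line shown under Cause.

```shell
#!/bin/sh
# Added example, not RSA code. Function names are hypothetical.

# Print "ADDRESS CERT_NAME" once per distinct hostname-mismatch SSLException in log $1.
mismatch_pairs() {
    sed -n "s/.*hostname in certificate didn't match: <\([^>]*\)> != <\([^>]*\)>.*/\1 \2/p" "$1" | sort -u
}

# Succeed if a non-comment line of hosts file $3 maps address $1 to name $2.
# The appended "" forces string comparison; fields after a '#' are ignored.
hosts_has() {
    awk -v ip="$1" -v name="$2" '
        /^[[:space:]]*#/ { next }
        ($1 "") == (ip "") {
            for (i = 2; i <= NF && $i !~ /^#/; i++)
                if (($i "") == (name "")) found = 1
        }
        END { exit !found }' "$3"
}

# Print "ADDRESS<TAB>CERT_NAME" for every mismatch in log $1 that hosts file $2 lacks.
missing_hosts_entries() {
    mismatch_pairs "$1" | while read -r ip name; do
        hosts_has "$ip" "$name" "$2" || printf '%s\t%s\n' "$ip" "$name"
    done
}

# Constructed sample input: the exception line from the article (repeated, as a
# retrying feed would log it) and a hosts file with only the localhost entry.
SAMPLE_LOG=$(mktemp)
SAMPLE_HOSTS=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
javax.net.ssl.SSLException: hostname in certificate didn't match: <10.111.5.122> != <67274c14-aa12-48e8-9002-e7486bc5be35>
javax.net.ssl.SSLException: hostname in certificate didn't match: <10.111.5.122> != <67274c14-aa12-48e8-9002-e7486bc5be35>
EOF
printf '127.0.0.1\tlocalhost\n' > "$SAMPLE_HOSTS"

# Lists the single entry that step 1 would add for this log.
missing_hosts_entries "$SAMPLE_LOG" "$SAMPLE_HOSTS"
```

Before the keytool import in step 2, `openssl x509 -noout -subject -fingerprint -sha256 -in /tmp/<SERVERNAME>.cert` prints the subject and SHA-256 fingerprint of the fetched certificate, which can be compared with the certificate on the appliance itself so that only the expected certificate is added to the trust store.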