2018-10-24 02:28 AM
Version of SA 11.1
We have a problem creating a custom feed using the stored CSV file, which we have pulled from one of our indicator sources and stored on the SA Head under /var/netwitness/srv/www/rsa/feeds.
Below is the error I see in the SA logs:
jetty.sh: 2018-10-24 06:13:40,554 [qtp575593575-21225] ERROR com.rsa.smc.sa.core.service.DefaultHttpClientService - http://localhost/feeds/test.csv
jetty.sh: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Tried below options as well
We use a custom certificate for the SA Console, which works fine, but the above error indicates something related to the certificate.
2018-10-24 12:49 PM
Since you say you're using a custom certificate, and not the self-signed, OOTB "netwitness" certificate, your connection URL will need to use the CN of your custom cert, in addition to the directory Miha Mesojedec mentions:
The CSV in the directory:
The CN of my custom cert:
And putting those together for the connection URL in the feed wizard:
You can also refer to Eric Partington's blog post that describes how to set this up.
HTH
2018-10-24 03:01 AM
nginx is redirecting everything over https, and to get to the repos it is presenting /nwrpmrepos, which is /var/netwitness/common/repo/. Created a directory called feeds, then placed the files there. Keep in mind these directories are browsable.
The CN on the certificate presented is "netwitness", so you will need to modify the host file and add the alias netwitness to the entry in order for the UI to be able to access the file.
2018-11-01 04:59 AM
Thank you for taking the time to get back to me on my query. I have tried all the mentioned options but am still having the same issue.
But I am getting the below error, which is strange, when I check my server certificate with the given openssl command:
verify error:num=19:self signed certificate in certificate chain
2018-11-01 05:04 AM
One more observation: if I run the same command with -CAfile followed by the path where my custom certificate is stored, then I don't see any error and it returns - Verify return code: 0 (ok)
openssl s_client -connect <mysanode cn name>:443 -CAfile /etc/pki/nw/web/web-server-cert.pem
2018-11-01 12:56 PM
Have you imported your custom server certificate into the java keystore on the Admin server?
You can use the instructions here as a good guide: https://community.rsa.com/docs/DOC-80984 (start at bullet #6 in the "Export the NetWitness Endpoint SSL Certificate").
Just make sure to give your cert a different alias than what's in those instructions.
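Why the openssl check passes with -CAfile while the Java client behind the feed wizard still reports a PKIX failure, shown as an added example that is not part of the original thread: the verifier only trusts anchors in its own store. The CA, host name, alias, password and keystore file below are constructed for the demo and assume a private CA signed the server certificate.

```shell
#!/bin/sh
# Added example: every CN, alias, password and path below is constructed for the demo.

# Build a throwaway private CA and a server certificate signed by it.
make_demo_pki() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Custom CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=sa-head.example.test" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null
}

# Print 0 if the chain verifies, otherwise the OpenSSL verify error number.
# $1 = server cert, $2 = chain as the server sends it, $3 = trust anchor file (optional)
verify_code() {
  if [ -n "${3:-}" ]; then
    out=$(openssl verify -CAfile "$3" -untrusted "$2" "$1" 2>&1) && { echo 0; return 0; }
  else
    out=$(openssl verify -untrusted "$2" "$1" 2>&1) && { echo 0; return 0; }
  fi
  printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at.*/\1/p' | head -n 1
}

# The JVM never sees OpenSSL's -CAfile: it validates against its own trust store,
# so the same anchor has to be imported there under its own alias.
import_into_truststore() {
  command -v keytool >/dev/null 2>&1 || { echo "keytool not installed, skipping"; return 0; }
  keytool -importcert -noprompt -alias custom-web-demo -file "$1" \
    -keystore "$2" -storepass changeit >/dev/null 2>&1 &&
  keytool -list -alias custom-web-demo -keystore "$2" -storepass changeit
}

tmp=$(mktemp -d) && make_demo_pki "$tmp" || exit 1
echo "anchor not in trust store: verify error $(verify_code "$tmp/srv.pem" "$tmp/ca.pem")"
echo "anchor supplied (-CAfile): verify error $(verify_code "$tmp/srv.pem" "$tmp/ca.pem" "$tmp/ca.pem")"
import_into_truststore "$tmp/ca.pem" "$tmp/scratch-truststore.p12"
rm -rf "$tmp"
```

On a real system the keystore path and password are those of the JVM that runs the UI; this thread does not state them, so the scratch keystore above stands in for it.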
2018-11-02 03:52 AM
Bingo! That resolved the issue... Thank you, Joshua and others, for helping me out.