Article Number
000001481
Applies To
RSA Product Set: NetWitness Logs & Packets, Security Analytics
RSA Product/Service Type: Log Collector, User Interface, Identity Feed
RSA Version/Condition: 10.6.x, 11.x, 12.x
Platform: CentOS, AlmaLinux
O/S Version: EL6, EL7
Issue
When setting up identity feed with Log Collector using HTTPS and using the hostname or IP address of the Log Collector service, the identity feed is not working due to a certificate validation failure.
The error message below is found in the /var/lib/netwitness/uax/logs/sa.log file.
javax.net.ssl.SSLException: hostname in certificate didn't match: <hostname> != <node_id>
Resolution
Works as designed.
Workaround
There are currently two approaches to work around this:
- Import log collector cert as documented in the Product Documentation
- Change the URL of Log Collector to use the node_id and add static mapping of node_id to IP in /etc/hosts of SA server (as shown below)
Perform the following steps for the second approach above:
- Connect to the Security Analytics server appliance via SSH as the root user.
- Navigate to /etc/hosts/ and map the node_id of the host to the appliance IP address.
- In the NetWitness UI, select Live > Feeds.
- In the Feeds view, click Add.
- In the Setup Feed dialog, select Identity Feed and click Next.
- In the Define Feed tab, select Recurring.
- In the URL field, enter the node_id of the host as the hostname.
For example, use <node_id> of 1n702df2-5891-4e9g-9323-4f492a8556fd instead of <ip_address> 10.11.12.13.
- In the Select Services form, select the Services on which feed is to be deployed and click Next.
- In the Review form, review feed information and if correct, click Finish.
Notes
Normal instructions for setting up Identity Feed can be found in the
product documentation.
