Article Number
000001728
Applies To
RSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: IPDB Extractor, Reporting Engine
RSA Version/Condition: 10.4.x, 10.5.x, 10.6.x
Platform: CentOS
Issue
Unable to execute IPDB Reports during SSL handshake because certificate validation fails.
Cause
In SSL mode, the IPDB Extractor presents the certificate for validation to the Reporting Engine during SSL Handshake and carlos certificate which is used in SSL mode got expired.
Resolution
If IPDBEXTRACTOR setup is in SSL mode, then set the SSL mode to false (i.e non-SSL).
To do so, follow the steps below.
- Login to the REST API of the IPDB Extractor and navigate to the Configuration settings.
http://<IPDBEXTRACTOR IP>:50125/ipdbextractor/config
- Set the parameter SSL (transport.ssl) to false.
- Connect to the appliance via SSH as the root user and restart nwipdbextractor service.
- Log into the Security Analytics UI and Navigate to Administration -> Services -> Reporting Engine -> Config -> Source.
- Delete the existing IPDB data source and then re-add the IPDB Data Source.
- Add the rule and run the report.
The report should now run successfully. If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.