Respected Contributor.

certificate not trusted - SSL error adding ESM destination to existing functional connector

I am trying to add a destination to a syslog connector that is currently feeding a v5.0 ESM and a Logger successfully.  There are no connectivity issues between the source host where the connector is running and the ESM.  The connector doesn't auto-negotiate the manager certificate.

Connector is version: 5.2.3.6281.0

ESM is version 6.5.1.2083.2

There is another connector running on the same system that I was able to add to the v6.5.1 ESM successfully, it is also version 5.2.3.6281.0.  Cert was auto-negotiated during connector registration process in that case.  I tried adding the manager certificate manually to the connector's nssdb but that didn't seem to solve the problem.

I ran:

arcsight runcertutil -A -n FQDNofESM -t CT,C,C -d ../<connector path>/bin/nss/ -I /<location of ESM.crt>

It seemed to import the manager cert because when I run:

arcsight runcertutil -L -d /<connector path>/user/agent/nssdb.client/

it shows the FQDN of the manager among the other certs.

Any idea where I'm going wrong?  Strange that it worked for one connector but not the other despite them being the same version on the same host.

Thanks.
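
The two commands in the question point `-d` at different directories, and a nickname appearing in a `-L` listing does not by itself show that it carries SSL trust. As an added example (not part of the original post), this Python code parses `certutil -L` output captured from each directory and reports whether a nickname is missing, present but untrusted for SSL, or trusted; the hostnames and listings are constructed sample data.

```python
import re

# One entry per line of `certutil -L`: nickname, 2+ spaces, "SSL,S/MIME,JAR" flags.
ENTRY = re.compile(r"^(?P<nick>\S.*?)\s{2,}(?P<trust>[A-Za-z]*,[A-Za-z]*,[A-Za-z]*)$")

def parse_listing(text):
    """Return {nickname: trust_flags} from `certutil -L` output."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and blank lines do not match
            entries[m.group("nick")] = m.group("trust")
    return entries

def ssl_trusted(trust):
    """True if the SSL field marks a trusted server CA (C) or trusted peer (P)."""
    ssl_field = trust.split(",")[0]
    return "C" in ssl_field or "P" in ssl_field

def audit(nickname, listings):
    """Map each database directory to 'missing', 'untrusted' or 'trusted'."""
    report = {}
    for db_dir, text in listings.items():
        trust = parse_listing(text).get(nickname)
        if trust is None:
            report[db_dir] = "missing"
        else:
            report[db_dir] = "trusted" if ssl_trusted(trust) else "untrusted"
    return report

# Constructed sample output; directory names follow the two paths in the question.
HEADER = (
    "\nCertificate Nickname                              Trust Attributes\n"
    "                                                  SSL,S/MIME,JAR/XPI\n\n"
)
LISTINGS = {
    "<connector path>/bin/nss":
        HEADER + "esm.example.test                                  CT,C,C\n",
    "<connector path>/user/agent/nssdb.client":
        HEADER + "old-manager.example.test                          CT,C,C\n"
                 "esm.example.test                                  ,,\n",
}

if __name__ == "__main__":
    for db_dir, state in audit("esm.example.test", LISTINGS).items():
        print(f"{db_dir}: {state}")
```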

Absent Member.

I'm getting the same error when configuring a forwarder to my logger.  Latest version of logger.  I was able to configure a syslog forwarder but my oracle forwarder is generating the error.

Respected Contributor.

I was talking to some folks and it sounds like this is a very common problem.  I am surprised then, that I cannot find a solution.

Basically we're talking about how to manually import certificates into connectors.

Respected Contributor.

This is the solution to this problem.  I can't paste into this chat box for whatever reason so you'll have to click the thumbnail to see the solution.

Absent Member.

I had a ticket in with HP Support, as usual they were far from helpful but the technician did eventually tell me to import the certificates manually (took about 6 back and forth messages over about 36 hours).  I was able to do it through the GUI through a really backwards way.  Normally I'd do CLI however the box that was operating the connector was managed by another group that wasn't available to get me access.  Eventually it worked though.

Respected Contributor.

Well, I figured it out eventually.  Hopefully people will find this post in the future and get past this much more quickly than I did.

Absent Member.

Hi All,

Another method, and a quite easy one, is to copy the cacerts file from the console directory.

The console can import the manager certificate when connecting for the first time.

So what you need to do is log in to both managers with the console (the version is not important for this method). Then, after you click "OK" when asked to trust the certificate, you just replace the agent's cacerts file with the one taken from the console directory and add the new destination!

Cacerts location: <ARCSIGHT_HOME>\current\jre\lib\security\

Good luck

Absent Member.

Thanks @Stephen Mullins, it worked for me.

Thanks & Regards

Anoop Padhye
