I am trying to add a destination to a syslog connector that is currently feeding a v5.0 ESM and a Logger successfully. There are no connectivity issues between the source host where the connector is running and the ESM. The connector doesn't auto-negotiate the manager certificate.
Connector is version: 18.104.22.16881.0
ESM is version 22.214.171.1243.2
There is another connector running on the same system that I was able to add to the v6.5.1 ESM successfully; it is also version 126.96.36.19981.0. The cert was auto-negotiated during the connector registration process in that case. I tried adding the manager certificate manually to the connector's nssdb but that didn't seem to solve the problem.
arcsight runcertutil -A -n FQDNofESM -t CT,C,C -d ../<connector path>/bin/nss/ -I /<location of ESM.crt>
It seemed to import the manager cert because when I run:
arcsight runcertutil -L -d /<connector path>/user/agent/nssdb.client/
it shows the FQDN of the manager among the other certs.
Any idea where I'm going wrong? Strange that it worked for one connector but not the other despite them being the same version on the same host.
I'm getting the same error when configuring a forwarder to my Logger. Latest version of Logger. I was able to configure a syslog forwarder but my Oracle forwarder is generating the error.
I was talking to some folks and it sounds like this is a very common problem. I am surprised then, that I cannot find a solution.
Basically we're talking about how to manually import certificates into connectors.
This is the solution to this problem. I can't paste into this chat box for whatever reason so you'll have to click the thumbnail to see the solution.
I had a ticket in with HP Support; as usual they were far from helpful, but the technician did eventually tell me to import the certificates manually (took about 6 back and forth messages over about 36 hours). I was able to do it through the GUI through a really backwards way. Normally I'd do CLI; however, the box that was operating the connector was managed by another group that wasn't available to get me access. Eventually it worked though.
Well, I figured it out eventually. Hopefully people will find this post in the future and get past this much more quickly than I did.
Another method, and a quite easy one, is to copy the cacerts file from the console directory.
The console can import the manager certificate when trying to connect for the first time.
So what you need to do is try to log in to both managers with the console (the version is not important for this method). Then, after you click "OK" when asked to trust the certificate, you just replace the cacerts file on the agent with the one taken from the console directory and just add the new destination!
Cacerts location: <ARCSIGHT_HOME>\current\jre\lib\security\
Thanks @Stephen Mullins, it worked for me.