I have the Universal Forwarder on the same physical host as the Securonix application. The application is configured for SSL. After any event import job is run, I get the following error:

13:25:41,544 DEBUG AbstractResourceReader:517 - UI Url - https://xxx.xxx.xxx.xxx:8443/Profiler/
13:25:41,962 FATAL EventImportJob:216 - Error in import for 6
com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
    at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:149)
    at com.sun.jersey.api.client.Client.handle(Client.java:648)
    at com.sun.jersey.api.client.WebResource.handle(WebResource.java:670)
    at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
    at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:503)
    at com.securonix.application.matcher.reader.AbstractResourceReader.updateIndex(AbstractResourceReader.java:530)
    at com.securonix.application.matcher.reader.FileResourceReader.executeImport(FileResourceReader.java:328)
    at com.securonix.application.matcher.process.ApplicationFeedController.importResourceData(ApplicationFeedController.java:32)
    at com.securonix.application.matcher.reader.ResourceDataReader.processImportData(ResourceDataReader.java:77)
    at com.securonix.universalforwarder.scheduler.jobs.EventImportJob.setup(EventImportJob.java:141)
    at com.securonix.application.scheduler.quartz.framework.QuartzJob.execute(QuartzJob.java:63)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1902)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1338)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1032)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1299)
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
    at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:240)
    at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:147)
    ... 12 more
Caused by: java.security.cert.CertificateException: No subject alternative names present
    at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:142)
    at sun.security.util.HostnameChecker.match(HostnameChecker.java:91)
    at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:347)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:203)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1320)
    ... 26 more

asked 14 May '13, 04:37

Sammy


The UniversalForwarder calls a webservice on the Securonix application to kick off incremental indexing on the new events. The uf.properties file stores the URL of the Securonix application. If the Securonix application URL is an IP Address, the UniversalForwarder will fail to establish a connection over SSL. This is because the UniversalForwarder is a J2EE application and strictly follows the rules laid out for checking server identity in section 3.1 of RFC 2818. The error message you receive indicates those identity checks fail. In general, if you specify a URL of "https://www.server.net", then the certificate sent back from that server should contain a special field called the "Subject Alternative Name", and furthermore the value of this field should be www.server.net. In lieu of this, it may contain www.server.net in one of the CN fields of the subject name. But please see RFC 2818 for the actual rules. If neither of these is true, I think you receive the error you got.

To resolve this issue, you need to edit your /etc/hosts file to add an entry to point the IP Address to your hostname (example: If your server hostname is siem.securonix.us with IP address 192.168.1.10 then make sure you have an entry in /etc/hosts for 192.168.1.10 siem.securonix.com).

Also, make sure that you have generated a certificate for the host name siem.securonix.com. The CN value should be siem.securonix.com and there should be SubjectAlternativeNames for the IP Address. If you are using OpenSSL as your certificate authority, then refer to http://apetec.com/support/GenerateSAN-CSR.htm

Finally, make sure that your uf.properties file has the host name:port number/Profiler and not the IP Address.

answered 14 May '13, 04:47

tgulati ♦♦
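
The server-identity check this answer describes, as a simplified Python model of RFC 2818 section 3.1 (an added example, not Securonix or JDK code). The function names are hypothetical, the certificate fields are passed in as constructed values, and the host name and IP address are the ones used in the answer.

```python
import ipaddress

def _is_ip(host):
    """True when the URL host is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive match; '*' may replace the whole leftmost label only."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def check_identity(url_host, cn, dns_sans=(), ip_sans=()):
    """Return (ok, reason) for the URL host against the certificate's names."""
    if _is_ip(url_host):
        # IP literal in the URL: only iPAddress SAN entries count, never the CN.
        if not dns_sans and not ip_sans:
            return False, "No subject alternative names present"
        want = ipaddress.ip_address(url_host)
        if any(ipaddress.ip_address(s) == want for s in ip_sans):
            return True, "iPAddress SAN matched"
        return False, "no iPAddress SAN matches " + url_host
    if dns_sans:
        # dNSName SANs are present, so they decide and the CN is ignored.
        if any(_dns_match(s, url_host) for s in dns_sans):
            return True, "dNSName SAN matched"
        return False, "no dNSName SAN matches " + url_host
    if cn and _dns_match(cn, url_host):
        return True, "CN matched (fallback when no dNSName SAN exists)"
    return False, "no certificate name matches " + url_host

if __name__ == "__main__":
    cn = "siem.securonix.com"  # constructed certificate subject CN
    # The failing setup: uf.properties points at the IP, certificate has no SAN.
    print(check_identity("192.168.1.10", cn))
    # After the fix: uf.properties uses the host name, which matches the CN.
    print(check_identity("siem.securonix.com", cn))
    # Certificate reissued with an iPAddress SAN: the IP URL also verifies.
    print(check_identity("192.168.1.10", cn, ip_sans=["192.168.1.10"]))
```

The first call reproduces the reason string from the stack trace in the question: with an IP literal in the URL the CN is never consulted, so a certificate with no SAN extension cannot pass.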

Last updated: 03 Jun '13, 20:17