Unable to configure recurring feed located in an internal HTTPS server

3 years ago

Originally Published: 2017-10-27

Article Number

000041005

Issue

When you are trying to configure a recurring custom feed from the UI > Live > Feeds page, the URL field becomes red and a red cross ('X') appears in the Verify button:

User-added image

You can also see a error similar to the following one in the /var/lib/netwitness/uax/logs/sa.log :

WARN org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/live/null] in DispatcherServlet with name 'xxxx'
ERROR com.rsa.smc.sa.core.service.DefaultHttpClientService - https://xxxxxx.xxx/feed.csv
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

Cause

The cause is that the site that contains the feed file uses a certificate that is signed by a custom or internal Certificate Authority (CA), so you need to import the root certificate of this CA in the SA Server in order to verify the site certificate.

Resolution

To import trusted CA Root certificates in the SA Server, please execute the following commands in the SA Server:

keytool -import -trustcacerts -alias <alias> -file <cacertificate.pem> -keystore /etc/pki/java/cacerts -storepass changeit

If your environment uses intermediate certificates, import them as well with the same command:

keytool -import -trustcacerts -alias <alias2> -file <intertmediatecertificate.pem> -keystore /etc/pki/java/cacerts -storepass changeit

restart jettysrv

Login to the UI and try to verify the feed again, you can also run the following command to confirm that the error mentioned above is no longer showing up:

tailf /var/lib/netwitness/uax/logs/sa.log

Notes

Please bear in mind that this procedure is to import trusted CA certificates for outbound connections and it is not the same as importing certificates for inbound connections to the SA Server which you normally do from the UI > Administration > Security.

Don't see what you're looking for?

Related Articles

Trending Articles