IBM Support

"Could not convert socket to TLS" when configuring IBM Security QRadar SOAR to use an SMTP server

How To


Summary

"Could not convert socket to TLS" errors, when configuring a connection with an SMTP server, can be caused when trying to connect to a non-SSL port or when the SSL certificate use by the SMTP server is not trusted.

Steps

When IBM Security QRadar SOAR tries to send email messages to the SMTP server after configuring this feature by using resutil smtpedit, it will use TLS if the SMTP server supports it. However, if IBM SOAR does not trust the SMTP server's certificate, you get the "Could not convert socket to TLS" error message.

Check with your SMTP team whether the SMTP server is configured for SSL. If it is not, you can use resutil smtpedit -nostarttls to instruct IBM SOAR to not issue an encrypted TLS session with the SMTP server.

The top certificate authorities are companies such as Verisign, and eTrust, Comodo, GoDaddy, DigiCert. Certificates signed by these issuers are trusted. If the certificate returned by the SMTP server is not signed by a trusted certificate authority, then it is not trusted. You have to import the certificate from that server to explicitly trust it.

The solution to this problem is to add the SMTP server's certificate as a trusted certificate. To do that follow the steps in How to import untrusted certificates Into IBM Security SOAR.

Now you can now test that the new setup works by using this command. Replace with your email address.
sudo resutil smtptest -email <REPLACE>

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSIP9Q","label":"IBM Security SOAR"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
21 January 2022

UID

ibm11162912

Page Feedback