IBM Security Guardium DISCOVERY agent fails to discover database instance, due to "certificate error"

Troubleshooting

Problem

During a discovery task, the DISCOVERY agent does not report a database instance when the DISCOVERY agent is running with Java 1.4

Symptom

DISCOVERY agent does not report any database instances from the DB Server while DISCOVERY is being executed using Java 1.4. In the DISCOVERY.log there is a 'certificate error' message.

Cause

The Guardium appliance has the "Poodle" vulnerability fix implemented. Java 1.4 does not have the same remediation. Java 1.4 will try use SSL instead of the TLS protocol resulting in the certificate error.

Diagnosing The Problem

DISCOVERY.log file reports the DB instance parameters followed by a 'certificate error'.

Resolving The Problem

Upgrade the installed Java to one that has the Poodle remediation implemented and change the DISCOVERY_JAVA_DIR to point to the new Java implementation. Reinstall or upgrade of the DISCOVERY agent will update the DISCOVERY startup string in SUPERVISOR with the new Java directory.

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Guardium Database Activity Monitor","Platform":[{"code":"PF002","label":"AIX"}],"Version":"9.5","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

IBM Security Guardium DISCOVERY agent fails to discover database instance, due to "certificate error"

Troubleshooting

Problem

Symptom

Cause

Diagnosing The Problem

Resolving The Problem

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?