IBM Support

Unable to install applications in the IBM Security QRadar SOAR Administrator settings>Apps tab

Troubleshooting


Problem

You receive an error when installing applications from the Administrator settings > Apps tab in IBM Security QRadar SOAR.

Cause

The IBM Security SOAR platform is hosted on the GCP cloud, behind an IAP (Identity Aware Proxy).

The IBM Security SOAR baseURL setting redirects the connection to the IAP (Identity Aware Proxy) login page. Because of this redirection, a valid session cannot be established between the client and the baseURL server.
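One way to confirm the redirection described above before installing apps, as an added example that is not IBM code: it reads HTTP response headers and reports whether the baseURL answers directly or redirects to another host. It assumes the proxy redirect appears as a 3xx status with a Location header; the function names and the sample hosts are constructed.

```shell
#!/bin/sh
# Added example, not IBM code. Assumption: the proxy's login redirect shows up
# as an HTTP 3xx response with a Location header on another host.

# Constructed sample response; login.example.net is a placeholder host.
SAMPLE_REDIRECT='HTTP/1.1 302 Found
Location: https://login.example.net/signin?next=abc
Content-Length: 0'

# Print the lower-cased host of an absolute URL (scheme://host[:port]/path).
url_host() {
    printf '%s\n' "$1" |
        sed -e 's|^[A-Za-z][A-Za-z0-9+.-]*://||' -e 's|[/?#].*$||' -e 's|:[0-9]*$||' |
        tr '[:upper:]' '[:lower:]'
}

# usage: check_redirect <baseurl> < response-headers
# returns 0 = answered directly or same-host redirect,
#         1 = redirected to another host (host printed), 2 = no status line
check_redirect() {
    base_host=$(url_host "$1")
    headers=$(tr -d '\r')
    status=$(printf '%s\n' "$headers" |
        sed -n '1s|^HTTP/[0-9.]* \([0-9][0-9][0-9]\).*|\1|p')
    [ -n "$status" ] || return 2
    case "$status" in
        3??) ;;
        *) return 0 ;;
    esac
    location=$(printf '%s\n' "$headers" |
        sed -n 's|^[Ll]ocation:[[:space:]]*||p' | head -n 1)
    case "$location" in
        ''|/*) return 0 ;;      # no target, or a path on the same host
    esac
    target=$(url_host "$location")
    [ "$target" != "$base_host" ] || return 0
    printf '%s\n' "$target"
    return 1
}

# Live check when a baseURL is given: fetch headers only, do not follow redirects.
if [ $# -ge 1 ]; then
    curl -s -I "$1" | check_redirect "$1"
fi
```

An exit status of 1 with a printed host means the configured baseURL hands the client to a different host, which is the condition this page describes.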

Diagnosing The Problem

The /usr/share/co3/logs/client.log file shows the following error:
00:57:58.596 [Camel (camel-1) thread #13 - JmsConsumer[interprocessevents.principalQueue.*]] ERROR [] o.a.c.c.j.DefaultJmsMessageListenerContainer - Could not refresh JMS Connection for destination 'interprocessevents.principalQueue.*' - retrying using FixedBackOff{interval=5000, currentAttempts=2874, maxAttempts=unlimited}. Cause: Could not connect to broker URL: ssl://127.0.0.1:65000?socket.verifyHostName=false&socket.enabledProtocols=TLSv1.2&socket.enabledCipherSuites=SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384%2CSSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384%2CSSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA%2CSSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256%2CSSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256%2CSSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA%2CSSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384%2CSSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384%2CSSL_ECDHE_RSA_WITH_AES_256_CBC_SHA%2CSSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256%2CSSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256%2CSSL_ECDHE_RSA_WITH_AES_128_CBC_SHA%2CTLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256%2CTLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256%2CTLS_ECDH_RSA_WITH_AES_128_CBC_SHA256%2CTLS_ECDH_RSA_WITH_AES_128_GCM_SHA256%2CTLS_RSA_WITH_AES_128_CBC_SHA%2CTLS_RSA_WITH_AES_128_CBC_SHA256%2CTLS_RSA_WITH_AES_256_CBC_SHA%2CTLS_RSA_WITH_AES_256_CBC_SHA256%2CTLS_RSA_WITH_AES_128_GCM_SHA256. Reason: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target
java.lang.IllegalStateException: Unable to acquire connection from pool
	at com.co3.broker.JMSMessageReader.<init>(JMSMessageReader.java:36)
	at com.co3.broker.SearchQueueProcessor.newMessageReader(SearchQueueProcessor.java:57)
	at com.co3.broker.SearchQueueProcessor.processMessages(SearchQueueProcessor.java:140)
	at com.co3.broker.SearchQueueProcessor$1.run(SearchQueueProcessor.java:169)
	at io.opentracing.contrib.concurrent.TracedRunnable.run(TracedRunnable.java:30)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:522)
	at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:319)
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:191)
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at java.lang.Thread.run(Thread.java:822)
Caused by: javax.jms.JMSException: Could not connect to broker URL: ssl://127.0.0.1:65000?socket.verifyHostName=false&socket.enabledProtocols=TLSv1.2&socket.enabledCipherSuites=SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384%2CSSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384%2CSSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA%2CSSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256%2CSSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256%2CSSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA%2CSSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384%2CSSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384%2CSSL_ECDHE_RSA_WITH_AES_256_CBC_SHA%2CSSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256%2CSSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256%2CSSL_ECDHE_RSA_WITH_AES_128_CBC_SHA%2CTLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256%2CTLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256%2CTLS_ECDH_RSA_WITH_AES_128_CBC_SHA256%2CTLS_ECDH_RSA_WITH_AES_128_GCM_SHA256%2CTLS_RSA_WITH_AES_128_CBC_SHA%2CTLS_RSA_WITH_AES_128_CBC_SHA256%2CTLS_RSA_WITH_AES_256_CBC_SHA%2CTLS_RSA_WITH_AES_256_CBC_SHA256%2CTLS_RSA_WITH_AES_128_GCM_SHA256. Reason: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target
	at org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:36)
	at org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:374)
	at org.apache.activemq.ActiveMQConnectionFactory.createConnection(ActiveMQConnectionFactory.java:252)
	at com.co3.broker.PooledConnectionFactory.create(PooledConnectionFactory.java:34)
	at com.co3.broker.PooledConnectionFactory.create(PooledConnectionFactory.java:20)
	at org.apache.commons.pool2.BasePooledObjectFactory.makeObject(BasePooledObjectFactory.java:58)
	at org.apache.commons.pool2.impl.GenericObjectPool.create(GenericObjectPool.java:918)
	at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:431)
	at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:356)
	at com.co3.broker.JMSMessageReader.<init>(JMSMessageReader.java:34)
	... 11 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target
	at com.ibm.jsse2.k.a(k.java:43)
	at com.ibm.jsse2.av.a(av.java:722)
	at com.ibm.jsse2.D.a(D.java:121)
	at com.ibm.jsse2.D.a(D.java:572)
	at com.ibm.jsse2.E.a(E.java:585)
	at com.ibm.jsse2.E.a(E.java:479)
	at com.ibm.jsse2.D.s(D.java:286)
	at com.ibm.jsse2.D.a(D.java:251)
	at com.ibm.jsse2.av.a(av.java:788)
	at com.ibm.jsse2.av.i(av.java:45)
	at com.ibm.jsse2.av.a(av.java:531)
	at com.ibm.jsse2.i.write(i.java:33)
	at org.apache.activemq.transport.tcp.TcpBufferedOutputStream.flush(TcpBufferedOutputStream.java:115)
	at java.io.DataOutputStream.flush(DataOutputStream.java:134)
	at org.apache.activemq.transport.tcp.TcpTransport.oneway(TcpTransport.java:194)
	at org.apache.activemq.transport.AbstractInactivityMonitor.doOnewaySend(AbstractInactivityMonitor.java:335)
	at org.apache.activemq.transport.AbstractInactivityMonitor.oneway(AbstractInactivityMonitor.java:317)
	at org.apache.activemq.transport.WireFormatNegotiator.sendWireFormat(WireFormatNegotiator.java:181)
	at org.apache.activemq.transport.WireFormatNegotiator.sendWireFormat(WireFormatNegotiator.java:84)
	at org.apache.activemq.transport.WireFormatNegotiator.start(WireFormatNegotiator.java:74)
	at org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64)
	at org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64)
	at org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:354)
	... 19 common frames omitted
Caused by: com.ibm.jsse2.util.h: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target
	at com.ibm.jsse2.util.f.a(f.java:85)
	at com.ibm.jsse2.util.f.b(f.java:8)
	at com.ibm.jsse2.util.e.a(e.java:6)
	at com.ibm.jsse2.aD.a(aD.java:75)
	at com.ibm.jsse2.aD.a(aD.java:181)
	at com.ibm.jsse2.aD.checkServerTrusted(aD.java:144)
	at com.ibm.jsse2.E.a(E.java:145)
	... 37 common frames omitted
Caused by: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target
	at com.ibm.security.cert.SunCertPathBuilder.build(SunCertPathBuilder.java:139)
	at com.ibm.security.cert.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:124)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:292)
	at com.ibm.jsse2.util.f.a(f.java:129)

Resolving The Problem

The current workaround is to set the baseURL to localhost, install your apps, and then reset the baseURL to its original setting.
Check your current baseURL:
sudo resutil configget -baseurl
Change the baseURL:
sudo resutil configset -key baseurl -svalue https://localhost
Install your applications (there is no need to configure or deploy them).
Reset your baseURL to the original server:
sudo resutil configset -key baseurl -svalue https://<original server>
Run this command to clear the baseURL altogether:
sudo -i -u postgres psql co3 -c "delete from monapp.configvars where cvar_name = 'baseurl'";
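The set, install, reset sequence above as a wrapper that always puts the baseURL back, even when the install step fails or the script is interrupted. This is an added example, not IBM code: the function names are hypothetical, the original URL is passed as an argument, and only the resutil commands shown on this page are used.

```shell
#!/bin/sh
# Added example, not IBM code. Wraps the documented workaround so the platform
# is never left with baseURL pointing at https://localhost.

# Accept only an https:// URL whose host is not localhost.
valid_original_url() {
    case "$1" in
        https://localhost|https://localhost[:/]*) return 1 ;;
        https://?*) return 0 ;;
        *) return 1 ;;
    esac
}

set_baseurl() {
    sudo resutil configset -key baseurl -svalue "$1"
}

# usage: with_localhost_baseurl <original-url> <install-step> [args...]
# Returns the install step's status; 2 = bad URL, 3 = restore failed.
with_localhost_baseurl() {
    original=$1
    shift
    valid_original_url "$original" ||
        { echo "refusing: '$original' is not a usable original baseURL" >&2; return 2; }
    # Restore on Ctrl-C or kill as well.
    trap 'set_baseurl "$original"; exit 1' INT TERM
    set_baseurl https://localhost || { trap - INT TERM; return 1; }
    status=0
    "$@" || status=$?
    trap - INT TERM
    set_baseurl "$original" ||
        { echo "baseURL NOT restored; reset it manually to $original" >&2; return 3; }
    return "$status"
}

# Install step for interactive use: the apps are installed in the UI.
wait_for_operator() {
    printf 'baseURL is https://localhost. Install the apps in Administrator settings > Apps, then press Enter: ' >&2
    read -r reply
}

if [ $# -ge 1 ]; then
    sudo resutil configget -baseurl     # show the current value first
    with_localhost_baseurl "$1" wait_for_operator
fi
```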

Document Location

Worldwide


Document Information

Modified date:
26 August 2022

UID

ibm16469027