Troubleshooting
Problem
You receive an error when installing applications in IBM Security QRadar SOAR from the Administrator Settings > Apps tab.
Cause
The IBM Security SOAR platform is hosted on Google Cloud Platform (GCP) behind an Identity-Aware Proxy (IAP).
The IBM Security SOAR baseURL setting redirects the connection to the IAP login page. Because of this redirection, a valid session cannot be established between the client and the baseURL server.
Diagnosing The Problem
The /usr/share/co3/logs/client.log file shows the following error:
00:57:58.596 [Camel (camel-1) thread #13 - JmsConsumer[interprocessevents.principalQueue.*]] ERROR [] o.a.c.c.j.DefaultJmsMessageListenerContainer - Could not refresh JMS Connection for destination 'interprocessevents.principalQueue.*' - retrying using FixedBackOff{interval=5000, currentAttempts=2874, maxAttempts=unlimited}. Cause: Could not connect to broker URL: ssl://127.0.0.1:65000?socket.verifyHostName=false&socket.enabledProtocols=TLSv1.2&socket.enabledCipherSuites=SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384%2CSSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384%2CSSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA%2CSSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256%2CSSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256%2CSSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA%2CSSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384%2CSSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384%2CSSL_ECDHE_RSA_WITH_AES_256_CBC_SHA%2CSSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256%2CSSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256%2CSSL_ECDHE_RSA_WITH_AES_128_CBC_SHA%2CTLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256%2CTLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256%2CTLS_ECDH_RSA_WITH_AES_128_CBC_SHA256%2CTLS_ECDH_RSA_WITH_AES_128_GCM_SHA256%2CTLS_RSA_WITH_AES_128_CBC_SHA%2CTLS_RSA_WITH_AES_128_CBC_SHA256%2CTLS_RSA_WITH_AES_256_CBC_SHA%2CTLS_RSA_WITH_AES_256_CBC_SHA256%2CTLS_RSA_WITH_AES_128_GCM_SHA256. Reason: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target
java.lang.IllegalStateException: Unable to acquire connection from pool
at com.co3.broker.JMSMessageReader.<init>(JMSMessageReader.java:36)
at com.co3.broker.SearchQueueProcessor.newMessageReader(SearchQueueProcessor.java:57)
at com.co3.broker.SearchQueueProcessor.processMessages(SearchQueueProcessor.java:140)
at com.co3.broker.SearchQueueProcessor$1.run(SearchQueueProcessor.java:169)
at io.opentracing.contrib.concurrent.TracedRunnable.run(TracedRunnable.java:30)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:522)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:319)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:191)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.lang.Thread.run(Thread.java:822)
Caused by: javax.jms.JMSException: Could not connect to broker URL: ssl://127.0.0.1:65000?socket.verifyHostName=false&socket.enabledProtocols=TLSv1.2&socket.enabledCipherSuites=SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384%2CSSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384%2CSSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA%2CSSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256%2CSSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256%2CSSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA%2CSSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384%2CSSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384%2CSSL_ECDHE_RSA_WITH_AES_256_CBC_SHA%2CSSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256%2CSSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256%2CSSL_ECDHE_RSA_WITH_AES_128_CBC_SHA%2CTLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256%2CTLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256%2CTLS_ECDH_RSA_WITH_AES_128_CBC_SHA256%2CTLS_ECDH_RSA_WITH_AES_128_GCM_SHA256%2CTLS_RSA_WITH_AES_128_CBC_SHA%2CTLS_RSA_WITH_AES_128_CBC_SHA256%2CTLS_RSA_WITH_AES_256_CBC_SHA%2CTLS_RSA_WITH_AES_256_CBC_SHA256%2CTLS_RSA_WITH_AES_128_GCM_SHA256. Reason: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target
at org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:36)
at org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:374)
at org.apache.activemq.ActiveMQConnectionFactory.createConnection(ActiveMQConnectionFactory.java:252)
at com.co3.broker.PooledConnectionFactory.create(PooledConnectionFactory.java:34)
at com.co3.broker.PooledConnectionFactory.create(PooledConnectionFactory.java:20)
at org.apache.commons.pool2.BasePooledObjectFactory.makeObject(BasePooledObjectFactory.java:58)
at org.apache.commons.pool2.impl.GenericObjectPool.create(GenericObjectPool.java:918)
at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:431)
at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:356)
at com.co3.broker.JMSMessageReader.<init>(JMSMessageReader.java:34)
... 11 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target
at com.ibm.jsse2.k.a(k.java:43)
at com.ibm.jsse2.av.a(av.java:722)
at com.ibm.jsse2.D.a(D.java:121)
at com.ibm.jsse2.D.a(D.java:572)
at com.ibm.jsse2.E.a(E.java:585)
at com.ibm.jsse2.E.a(E.java:479)
at com.ibm.jsse2.D.s(D.java:286)
at com.ibm.jsse2.D.a(D.java:251)
at com.ibm.jsse2.av.a(av.java:788)
at com.ibm.jsse2.av.i(av.java:45)
at com.ibm.jsse2.av.a(av.java:531)
at com.ibm.jsse2.i.write(i.java:33)
at org.apache.activemq.transport.tcp.TcpBufferedOutputStream.flush(TcpBufferedOutputStream.java:115)
at java.io.DataOutputStream.flush(DataOutputStream.java:134)
at org.apache.activemq.transport.tcp.TcpTransport.oneway(TcpTransport.java:194)
at org.apache.activemq.transport.AbstractInactivityMonitor.doOnewaySend(AbstractInactivityMonitor.java:335)
at org.apache.activemq.transport.AbstractInactivityMonitor.oneway(AbstractInactivityMonitor.java:317)
at org.apache.activemq.transport.WireFormatNegotiator.sendWireFormat(WireFormatNegotiator.java:181)
at org.apache.activemq.transport.WireFormatNegotiator.sendWireFormat(WireFormatNegotiator.java:84)
at org.apache.activemq.transport.WireFormatNegotiator.start(WireFormatNegotiator.java:74)
at org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64)
at org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64)
at org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:354)
... 19 common frames omitted
Caused by: com.ibm.jsse2.util.h: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target
at com.ibm.jsse2.util.f.a(f.java:85)
at com.ibm.jsse2.util.f.b(f.java:8)
at com.ibm.jsse2.util.e.a(e.java:6)
at com.ibm.jsse2.aD.a(aD.java:75)
at com.ibm.jsse2.aD.a(aD.java:181)
at com.ibm.jsse2.aD.checkServerTrusted(aD.java:144)
at com.ibm.jsse2.E.a(E.java:145)
... 37 common frames omitted
Caused by: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target
at com.ibm.security.cert.SunCertPathBuilder.build(SunCertPathBuilder.java:139)
at com.ibm.security.cert.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:124)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:292)
at com.ibm.jsse2.util.f.a(f.java:129)
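To confirm that a client.log contains this signature rather than some other JMS failure, the check below counts the broker reconnect errors that end in a PKIX path building failure and reports the broker endpoint and the highest retry count. It is an added example, not IBM tooling: the function names are hypothetical, and the sample lines are constructed from the error above with the cipher suite list left out.

```shell
#!/bin/sh
# Added example (not IBM tooling). Function names are hypothetical.

# Constructed sample input: two reconnect errors in the format shown above
# (cipher suite list omitted) and one unrelated line.
sample_client_log() {
cat <<'EOF'
00:57:58.596 [Camel (camel-1) thread #13 - JmsConsumer[interprocessevents.principalQueue.*]] ERROR [] o.a.c.c.j.DefaultJmsMessageListenerContainer - Could not refresh JMS Connection for destination 'interprocessevents.principalQueue.*' - retrying using FixedBackOff{interval=5000, currentAttempts=2874, maxAttempts=unlimited}. Cause: Could not connect to broker URL: ssl://127.0.0.1:65000?socket.verifyHostName=false&socket.enabledProtocols=TLSv1.2. Reason: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target
00:58:01.102 [main] INFO [] c.e.Sample - constructed unrelated line
00:58:03.601 [Camel (camel-1) thread #13 - JmsConsumer[interprocessevents.principalQueue.*]] ERROR [] o.a.c.c.j.DefaultJmsMessageListenerContainer - Could not refresh JMS Connection for destination 'interprocessevents.principalQueue.*' - retrying using FixedBackOff{interval=5000, currentAttempts=2875, maxAttempts=unlimited}. Cause: Could not connect to broker URL: ssl://127.0.0.1:65000?socket.verifyHostName=false&socket.enabledProtocols=TLSv1.2. Reason: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target
EOF
}

# Reads a log from the named file(s) or stdin.
# Prints "<broker endpoint> hits=<n> attempts=<highest currentAttempts>".
# Returns non-zero when the signature is absent.
pkix_broker_failures() {
    awk '
    /Could not refresh JMS Connection/ && /PKIX path building failed/ {
        hits++
        # "currentAttempts=" is 16 characters; keep only the number after it
        if (match($0, /currentAttempts=[0-9]+/)) {
            n = substr($0, RSTART + 16, RLENGTH - 16) + 0
            if (n > max) max = n
        }
        # "broker URL: " is 12 characters; stop before the ?socket options
        if (match($0, /broker URL: ssl:\/\/[^?, ]+/))
            broker = substr($0, RSTART + 12, RLENGTH - 12)
    }
    END {
        if (hits == 0) exit 1
        printf "%s hits=%d attempts=%d\n", broker, hits, max
    }' "$@"
}

sample_client_log | pkix_broker_failures
```

On a SOAR host, run it against the real file: `pkix_broker_failures /usr/share/co3/logs/client.log`.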
Resolving The Problem
The current workaround is to set the baseURL to localhost, install your apps, then reset the baseURL to its original setting.
Check your current baseURL:
sudo resutil configget -baseurl
Change the baseURL:
sudo resutil configset -key baseurl -svalue https://localhost
Install your applications (no need to configure or deploy them).
Reset your baseURL to the original server:
sudo resutil configset -key baseurl -svalue https://<original server>
To clear the baseURL altogether, run this command:
sudo -i -u postgres psql co3 -c "delete from monapp.configvars where cvar_name = 'baseurl';"
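The main operational risk in the set, install, reset sequence above is leaving the baseURL at https://localhost if the session is interrupted. The wrapper below is an added example, not an IBM script: it restores the original value on success, failure or interrupt. `RESUTIL` and `with_local_baseurl` are hypothetical names, and the original URL is passed in by the operator after reading it from `sudo resutil configget -baseurl`.

```shell
#!/bin/sh
# Added example, not IBM tooling. RESUTIL and with_local_baseurl are
# hypothetical names; only the resutil configset arguments come from the page.
RESUTIL="${RESUTIL:-sudo resutil}"   # override to dry-run, e.g. RESUTIL=echo

# Usage: with_local_baseurl ORIGINAL_URL [INSTALL_COMMAND...]
# ORIGINAL_URL is the value reported by: sudo resutil configget -baseurl
with_local_baseurl() {
    orig="$1"
    [ "$#" -gt 0 ] && shift
    case "$orig" in
        ""|https://localhost*)
            echo "refusing: original baseURL is empty or already localhost" >&2
            return 2 ;;
        https://*) ;;
        *)  echo "refusing: expected an https:// baseURL, got '$orig'" >&2
            return 2 ;;
    esac
    (   # subshell keeps the traps local to this call
        restore() { $RESUTIL configset -key baseurl -svalue "$orig"; }
        trap restore EXIT            # runs on success, failure or signal exit
        trap 'exit 130' INT TERM
        $RESUTIL configset -key baseurl -svalue https://localhost || exit 1
        rc=0
        if [ "$#" -gt 0 ]; then
            "$@" || rc=$?            # scripted install step, if one is given
        else
            printf 'baseURL is https://localhost. Install the apps, then press Enter: ' >&2
            read -r _reply || true
        fi
        exit "$rc"
    )
}
```

Call it as `with_local_baseurl 'https://<original server>'` and install the apps from the Apps tab while it waits.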
Document Location
Worldwide
Document Information
Modified date:
26 August 2022
UID
ibm16469027