IBM QRadar SOAR

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

View Only

Back to discussions

Expand all | Collapse all

ActiveMQ BrokerService[detachedBroker - Received fatal alert: certificate_unknown (Received fatal alert: certificate_unknown)

1. ActiveMQ BrokerService[detachedBroker - Received fatal alert: certificate_unknown (Received fatal alert: certificate_unknown)

Like
Lucian Sipos
Posted Thu June 20, 2024 04:26 AM
Edited by Lucian Sipos Thu June 20, 2024 06:24 AM

Reply
Hello all

We recently renewed the certificates on Resilient and now, in resilient-messaging.log, we have this error in polling:

09:47:09.541 [ActiveMQ BrokerService[detachedBroker] Task-2573] WARN v=unknown o.a.a.broker.TransportConnector - Could not accept connection from tcp://QRADAR_CONSOLE_IP:PORT: Received fatal alert: certificate_unknown (Received fatal alert: certificate_unknown)

Someone know where we can look to investigate further?

Other logs (client, various resilient-*) are ok, no errors.

Restarting resilient-messaging service doesn't solve the problem (STOMP errors after importing a new SSL certificate in to IBM Resilient)

Thanks

------------------------------
Lucian Sipos
------------------------------
2. RE: ActiveMQ BrokerService[detachedBroker - Received fatal alert: certificate_unknown (Received fatal alert: certificate_unknown)

Like
Priya Sapra
Posted Wed June 26, 2024 10:05 AM

Reply
Hi Lucian,

Which app is this affecting? Do you have the QRadar SOAR plugin installed in SIEM and now you are facing issues with it or is this a different app?

Thanks

------------------------------
Priya Sapra
------------------------------

Original Message
3. RE: ActiveMQ BrokerService[detachedBroker - Received fatal alert: certificate_unknown (Received fatal alert: certificate_unknown)

Like
Lucian Sipos
Posted Wed June 26, 2024 10:13 AM

Reply
Solution was to install the certificate of the server where SOAR is running to the machine where QRadar is running.

------------------------------
Lucian Sipos
------------------------------

Original Message

IBM QRadar SOAR

IBM QRadar SOAR

ActiveMQ BrokerService[detachedBroker - Received fatal alert: certificate_unknown (Received fatal alert: certificate_unknown)

Lucian SiposThu June 20, 2024 04:26 AM

Priya SapraWed June 26, 2024 10:05 AM

Lucian SiposWed June 26, 2024 10:13 AM

1. ActiveMQ BrokerService[detachedBroker - Received fatal alert: certificate_unknown (Received fatal alert: certificate_unknown)

2. RE: ActiveMQ BrokerService[detachedBroker - Received fatal alert: certificate_unknown (Received fatal alert: certificate_unknown)

3. RE: ActiveMQ BrokerService[detachedBroker - Received fatal alert: certificate_unknown (Received fatal alert: certificate_unknown)

Additional
Resources

Office

Quick Links

IBM QRadar SOAR

IBM QRadar SOAR

ActiveMQ BrokerService[detachedBroker - Received fatal alert: certificate_unknown (Received fatal alert: certificate_unknown)

Lucian SiposThu June 20, 2024 04:26 AM

Priya SapraWed June 26, 2024 10:05 AM

Lucian SiposWed June 26, 2024 10:13 AM

1. ActiveMQ BrokerService[detachedBroker - Received fatal alert: certificate_unknown (Received fatal alert: certificate_unknown)

2. RE: ActiveMQ BrokerService[detachedBroker - Received fatal alert: certificate_unknown (Received fatal alert: certificate_unknown)

3. RE: ActiveMQ BrokerService[detachedBroker - Received fatal alert: certificate_unknown (Received fatal alert: certificate_unknown)

Additional Resources

Office

Quick Links

Additional
Resources