IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Error while adding Cisco duo with Cisco duo protocol.

    Posted Fri December 01, 2023 03:03 AM

    Hi Team,

    while adding Cisco duo we are getting error ->error while connecting with proxy code com.ibm.jsse2.util.j: no trust certificate found.

    we have proxy in between but ssl decryption is bypassed and api is allowed. 

    Under trusted_certs directory I have paste proxy and duo certs. 

    Does any one know how to fix it ? 

    Thanks

    Ashish



    ------------------------------
    Ashish Sharma
    ------------------------------


  • 2.  RE: Error while adding Cisco duo with Cisco duo protocol.

    Posted Fri December 01, 2023 09:09 AM

    Hello,

    You may wish to try some of the Troubleshooting tips via the technote below:

    https://www.ibm.com/support/pages/qradar-how-verify-certifcate-connections-using-openssl

    As well as using 'curl' to see if you can connect to the log source.

    Have you checked with your network team that the connection is getting past any FW to the LS?

    If you have checked through all off the above and cannot find the issue please raise a case dircetly with support. 

    As they will be able to dig deeper into the logs (debug etc) to help identify the cause. 

    Regards,



    ------------------------------
    Comghall Morgan
    QRadar Support Architect
    IBM
    ------------------------------

    Original Message


  • 3.  RE: Error while adding Cisco duo with Cisco duo protocol.

    Posted Fri December 01, 2023 09:28 AM
    Edited by Comghall Morgan Fri December 01, 2023 09:28 AM

    Hello Ashish,

    I see your update in the other thread for an AWS issue.
    You may also attempt this as well by adding the proxy cert.
    https://www.ibm.com/docs/en/qsip/7.5?topic=au-configuring-updates-behind-proxy-server-that-uses-ssl-tls-interception
    Note step 5-6 is to run the AU, you dont need to do this, just retest your log source connection. 
    Though please rasie a case if known of the steps help resolve your issue.



    ------------------------------
    Comghall Morgan
    QRadar Support Architect
    IBM
    ------------------------------

    Original Message


Related Content