IBM QRadar

Hi guys,

I am trying to integrate Qualys VA into Qradar 7.4 following these instructions: https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/com.ibm.dsm.doc/t_vuln_qualys_cert.html

1. Installing Qualys SSL certificate for my Qualys API Endpoint
2. Adding a Qualys Detection Scanner
3. Adding a Qualys Live Scan

Unfortunately it's not working.

The scheduled Detection scan ends with: "Initialization error: Could not initialize scanner 'qualys detection': Qualys detection failed to initialize (connection test failure)"

And the sheduled live scan ends with: "Initialization error: Could not initialize scanner 'qualys scanner': com.q1labs.vis.exceptions.ScannerTaskException: Could not retrieve template report list through Qualys API: An error occurred opening the https stream :: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: IBMJSSE2, class: com.ibm.jsse2.aj)"

I found the same error messages in the Qradar error log plus the following one:

"[Trust Manager Watch Service] com.q1labs.frameworks.crypto.trustmanager.CertificateValidator: [WARN] [NOT:0000004000][172.30.0.51/- -] [-/- -]Can't load certificates from file [/opt/qr

adar/conf/trusted_certificates/qualysapi.qg2.apps.qualys.eu_443.crt] because the specified file is empty Please remove the file and try again."

I checked the certificate which I imported with /opt/qradar/bin/getcert.sh and it's definitely not empty...

There are some old related posts in the Qradar support forum mentioning the same errors but these posts are very old and seem to be fixed by importing the certificate which did not help in my case.

Thanks in advance

Hi,

we found a solution.

We had to convert the certificate which we retrieved by the getcert.sh script from PEM to DER with openssl:

openssl x509 -outform der -in qualys_URL.cert -out qualys_URL.der

Scans are now running properly