IBM QRadar SOAR

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  SSL Error When "gadget --list"

    Posted Mon May 18, 2020 09:16 AM
    I have setup my app.config file in "C:\Users\user_name\.resilient\app.config"
    [resilient]
    port=443
    host=hostname.ibm.com
    api_key_id=fcafc....
    api_key_secret=ryl-0EvbB....
    org="Org Name"

    How do I set bypass SSL verify.

    Because when I run "gadget --list", I get the error below;
    File "c:\users\user_name\appdata\local\programs\python\python37\lib\runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
    File "c:\users\user_name\appdata\local\programs\python\python37\lib\runpy.py", line 85, in _run_code
    exec(code, run_globals)
    File "C:\Users\user_name\python-apps\test-packages\venv\Scripts\gadget.exe\__main__.py", line 7, in <module>
    File "c:\users\user_name\python-apps\test-packages\venv\lib\site-packages\resilient\bin\gadget.py", line 170, in main
    client = resilient.get_client(opts)
    File "c:\users\user_name\python-apps\test-packages\venv\lib\site-packages\resilient\co3.py", line 163, in get_client
    api_key_secret=opts["api_key_secret"])
    File "c:\users\user_name\python-apps\test-packages\venv\lib\site-packages\resilient\co3base.py", line 161, in set_api_key
    timeout=timeout)
    File "c:\users\user_name\python-apps\test-packages\venv\lib\site-packages\requests\sessions.py", line 543, in get
    return self.request('GET', url, **kwargs)
    File "c:\users\user_name\python-apps\test-packages\venv\lib\site-packages\requests\sessions.py", line 530, in request
    resp = self.send(prep, **send_kwargs)
    File "c:\users\user_name\python-apps\test-packages\venv\lib\site-packages\requests\sessions.py", line 643, in send
    r = adapter.send(request, **kwargs)
    File "c:\users\user_name\python-apps\test-packages\venv\lib\site-packages\requests\adapters.py", line 514, in send
    raise SSLError(e, request=request)
    requests.exceptions.SSLError: HTTPSConnectionPool(host='host.ibm.com', port=443): Max retries exceeded with url: /rest/session (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1051)')))

    Thx. Gilbert



    ------------------------------
    Apronti Gilbert Ofoe
    ------------------------------


  • 2.  RE: SSL Error When "gadget --list"

    Posted Tue May 19, 2020 02:24 AM
    Hi Apronti,

    If you are using a self signed or internal CA to to sign your Resilient SSL certificate then Resilient Circuits will not be able to trust it by default. To remedy that you can create a .pem or .cer which contains a concatenated list of entries of the server, intermediate and root certificates that Resilient Circuits will trust using the cafile= parameter.

    You have the choice of disabling certificate verification altogether by setting cafile=false in the app.config but you will then be susceptible to MIM attacks.

    Please see https://www.ibm.com/support/pages/node/1162636 for more information.

    ------------------------------
    BEN WILLIAMS
    ------------------------------

    Original Message


  • 3.  RE: SSL Error When "gadget --list"

    Posted Tue May 19, 2020 07:48 AM
    I believe you should be able to add the following to [resilient]:
    cafile=false

    This will bypass any certificate verification.

    ------------------------------
    Mark Scherfling
    ------------------------------

    Original Message


  • 4.  RE: SSL Error When "gadget --list"

    Posted Tue May 19, 2020 08:03 AM
    Thanks,
    I used the cafile option in the app.config and its working

    That is
    [Resilient]
    port=443
    host=hostname.ibm.com
    api_key_id=fcafc....
    api_key_secret=ryl-0EvbB....
    org="Org Name"
    cafile=false

    Thanks again


    ------------------------------
    Apronti Gilbert
    ------------------------------

    Original Message