Solution was to install the certificate of the server where SOAR is running to the machine where QRadar is running.
Original Message:
Sent: Wed June 26, 2024 10:04 AM
From: Priya Sapra
Subject: ActiveMQ BrokerService[detachedBroker - Received fatal alert: certificate_unknown (Received fatal alert: certificate_unknown)
Hi Lucian,
Which app is this affecting? Do you have the QRadar SOAR plugin installed in SIEM and now you are facing issues with it or is this a different app?
Thanks
------------------------------
Priya Sapra
Original Message:
Sent: Thu June 20, 2024 04:26 AM
From: Lucian Sipos
Subject: ActiveMQ BrokerService[detachedBroker - Received fatal alert: certificate_unknown (Received fatal alert: certificate_unknown)
Hello all
We recently renewed the certificates on Resilient and now, in resilient-messaging.log, we have this error in polling:
09:47:09.541 [ActiveMQ BrokerService[detachedBroker] Task-2573] WARN v=unknown o.a.a.broker.TransportConnector - Could not accept connection from tcp://QRADAR_CONSOLE_IP:PORT: Received fatal alert: certificate_unknown (Received fatal alert: certificate_unknown)
Someone know where we can look to investigate further?
Other logs (client, various resilient-*) are ok, no errors.
Restarting resilient-messaging service doesn't solve the problem (STOMP errors after importing a new SSL certificate in to IBM Resilient)
Thanks
------------------------------
Lucian Sipos
------------------------------