Hi Wiktor,
I couldn't find an case open under your name.
See
https://www.ibm.com/support/pages/node/1160620 which describes one situation which I have seen on a few occasions where a client has a proxy that inspects the SSL connection between SOAR and websvc.resilientsystems.com. The end result is that the certificate chain is altered and the proper certificate chain is replaced with internal certificates from the client's CA.
This alteration causes SOAR to rightly, not trust the server it is connecting to. If you run openssl s_client -connect websvc.resilientsystems.com:443 -showcerts, what is returned? Do you see certificates from your internal CA? If so, you need to import the full chain as directed in
https://www.ibm.com/support/pages/node/1160620 to custcerts.
Once the full chain is present in custcerts then SOAR can verify the chain and then trust the connection to websvc.resilientsystems.com.
------------------------------
BEN WILLIAMS
------------------------------
Original Message:
Sent: Fri October 28, 2022 03:07 AM
From: Wiktor Minorczyk
Subject: Threat Sorurce
Hello
I have a probleblem that probaby already been submittet to support IBM.
I get credential error when aactivating any of the threatsoaurces option. Api Key and password are correct. I found an entry in the client.com "Cannot validate API key for threat source *****************: java.security.cert.CertificateException: None of the TrustManagers trust this certificate chain"
I would be greateful fo the tips
soar ver 46.2.19
------------------------------
Wiktor Minorczyk
------------------------------