QRadar Threat Intelligence doesn't recognize certificate


The app doesn't recognize the signed certificate of the TAXII server.


A property in the configuration file to ignore the server certificate warning is set to false.

Resolving the problem

Note: The following procedures only apply to the Threat Intelligence app versions earlier than 2.0.0. For versions 2.0.0 and later, contact IBM Support for applicable solutions.
  1. Use SSH to log in to your QRadar® Console or the QRadar App Host as the root user.
  2. In the docker container, open the /store/config.json file, and add the following property:
    "enable_ignore_cert": true
  3. Restart the poll.py and run.py scripts by typing the following command:
    ps aux | grep poll and ps aux | grep run - kill -9 <pid>
  4. In IBM® QRadar Threat Intelligence add a TAXII feed or rule action and select the Ignore Certificate Warnings checkbox.