IBM Support

IJ31088: QRADAR CAN SOMETIMES CONTINUE TO ATTEMPT TO DOWNLOAD A CERT FOR A SCANNER THAT HAS BEEN REMOVED


APAR status

  • Closed as Permanent restriction.

Error description

  • QRadar can sometimes try to download a VA Scanner certificate
    even after the scanner configuration was removed from QRadar.
    This is due to a cached value written in a temporary file.
    System Notifications similar to the following might be visible
    in /var/log/qradar.log when this issue occurs:
    generateNotification: An attempt to download the server
    certificate for [IP:443] to
    [/opt/qradar/conf/trusted_certificates/IP_443.crt] has failed
    

Local fix

  • From an SSH session to the QRadar Console:
    Find the file "certificate_catalogue.txt", remove the bad
    scanner record from it, then save the file.
    Perform a Deploy Changes; QRadar should then no longer attempt
    to download the certificate.
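
    To confirm which removed scanner is still cached before editing the file, the following added shell example (not IBM's code) tallies the endpoints named in the failed-download notifications. The sample log lines, including their timestamp and host prefix, are constructed for illustration and are not real QRadar output.

```shell
#!/bin/sh
# Added example: summarise failed certificate-download notifications.
# Reads qradar.log text on stdin and prints "<count> <host:port>" for
# each endpoint named in the notification quoted in this APAR.
failed_cert_endpoints() {
    # Keep only the notification text described in the APAR.
    grep -F 'An attempt to download the server certificate for [' |
    grep -F 'has failed' |
    # Extract the first bracketed value, i.e. the scanner endpoint.
    sed -n 's/.*server certificate for \[\([^]]*\)\] to \[.*/\1/p' |
    # Count repeats per endpoint and normalise uniq's padding.
    sort | uniq -c | awk '{print $1, $2}'
}

# Constructed sample input. 192.0.2.0/24 is a documentation range;
# the line prefix is an assumption, only the message text is from the APAR.
sample_log() {
cat <<'EOF'
Mar  1 10:00:01 console generateNotification: An attempt to download the server certificate for [192.0.2.10:443] to [/opt/qradar/conf/trusted_certificates/192.0.2.10_443.crt] has failed
Mar  1 10:05:01 console generateNotification: An attempt to download the server certificate for [192.0.2.10:443] to [/opt/qradar/conf/trusted_certificates/192.0.2.10_443.crt] has failed
Mar  1 10:06:12 console someOtherComponent: unrelated message mentioning [192.0.2.99:443]
Mar  1 10:07:45 console generateNotification: An attempt to download the server certificate for [192.0.2.20:443] to [/opt/qradar/conf/trusted_certificates/192.0.2.20_443.crt] has failed
EOF
}

# Stand-alone run against the constructed sample.
sample_log | failed_cert_endpoints
```

    On a Console, feed the real log instead: `failed_cert_endpoints < /var/log/qradar.log`. Any endpoint listed that no longer corresponds to a configured scanner is the record to remove from "certificate_catalogue.txt".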
    

Problem summary

  • We have identified this issue as a permanent restriction for
    this integration. A fix for this issue will not be provided.
    

Problem conclusion

  • We have identified this issue as a permanent restriction for
    this integration. A fix for this issue will not be provided.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IJ31088

  • Reported component name

    QRADAR SOFTWARE

  • Reported component ID

    5725QRDSW

  • Reported release

    730

  • Status

    CLOSED PRS

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2021-02-28

  • Closed date

    2021-04-27

  • Last modified date

    2021-04-27

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels


Document Information

Modified date:
28 April 2021