IBM Support

IV70567: AUTOUPDATE HTTPS AND PROXY INTERCEPTION - CONNECT FAILURES BY UPDATECONFS.PL

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The transition to HTTPS on autoupdate may cause UpdateConfs.pl
    to fail to connect with https://qmmunity.q1labs.com due to SSL
    interception.
    
    Error reported in the autoupdate log:
    
    Wed Oct  8 15:01:01 2014 [WARN] Could not contact the update
    server: 500 proxy connect failed: PROXY ERROR HEADER, could be
    non-SSL URL:
    HTTP/1.0 403 CONNECTnotallowed
    

Local fix

  • Add the proxy CA cert to the CA-Bundle on QRadar:
    1) Create a backup copy of the ca-bundle.crt file in QRadar.
    For example, use the copy command to create a .bak file:
    cp /etc/ssl/certs/ca-bundle.crt{,bak}.
    2) Get the CA certificate from your proxy server. For more
    information, see the proxy server documentation.
    3) Add the CA certificate to the ca-bundle.crt file by running
    the following command:
    openssl x509 -text -in /path/to/proxycert.crt >>
    /etc/ssl/certs/ca-bundle.crt
    or
    Provide an exception on the proxy not to intercept the
    traffic from https://qmmunity.q1labs.com
    

Problem summary

  • This issue was resolved with QRadar/QRM/QVM/QRIF 7.2.8
    

Problem conclusion

  • This issue was resolved with QRadar/QRM/QVM/QRIF 7.2.8
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV70567

  • Reported component name

    QRADAR SOFTWARE

  • Reported component ID

    5725QRDSW

  • Reported release

    724

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2015-03-05

  • Closed date

    2016-09-28

  • Last modified date

    2016-11-07

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    QRADAR SOFTWARE

  • Fixed component ID

    5725QRDSW

Applicable component levels

  • R728 PSY

       UP

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU008","label":"Security"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"724"}]

Document Information

Modified date:
10 September 2020