Troubleshooting
Problem
Blue Coat Web Security Service REST API protocol does not work in patches prior to 7.2.8 Patch 7.
Symptom
Important: This is issue is resolved in QRadar versions 7.2.8 Patch 7 and above. This issue does not affect QRadar 7.3.0 Installation.
Cause
QRadar attempts to download a certificate from BlueCoat using TLS. QRadar installations below 7.2.8 Build 20170530170730 downloads the certificate by using TLS version 1. BlueCoat only accepts connections that use TLS versions 1.1 and 1.2.
Using the command.
openssl s_client -connect portal.threatpulse.com:443 -tls1
Will return a message similar to this.
CONNECTED(00000003)
139809391920968:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number :s3_pkt.c:339:
---
no peer certificate available
---
No client certificate CA names sent
You cannot connect to BlueCoat to pull down the certificate.
Diagnosing The Problem
- Log in to the QRadar user interface.
- From the menu bar click Help > About.
- Note the version of QRadar installed on your deployment
Resolving The Problem
To resolve this issue, you need to patch your QRadar deployment to version 7.2.8 Patch 7 or later.
To get the latest Fix Pack build, go to this link
Administrators can get the latest patch version from IBM Fix Central. For a list of QRadar release notes, see http://ibm.biz/qradarsoftware.
To find out more about installing the BlueCoat DSM please refer to the DSM guide.
Was this topic helpful?
Document Information
Modified date:
28 January 2021
UID
swg22007705