IBM Support

CP4S - Unable to add QRadar as a data source

Troubleshooting


Problem

QRadar cannot be added as a data source because of a connection error.

Symptom

The configuration cannot be added successfully, and a red dot is shown.

Environment

All versions of CP4S.

Diagnosing The Problem

Because invalid certificates are being used, the following error message appears in the "udi-udiworker" pods:

{"ibm_datetime": "2022-04-07T09:27:42.440243Z", "level": "error", "label": "datasourcePing_logs", "message": "80ff2918-b58e-4b1d-9a9e-2fe17908d837: authentication_fail Wrong certificate: HTTPSConnectionPool(host='192.168.19.58', port=443): Max retries exceeded with url: /api/help/resources (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] 

Resolving The Problem

SSH to your QRadar server and run the following steps.

Open the root and intermediate certificate files from the directories shown. The certificate files might be in other locations on different QRadar systems.

cat /opt/qradar/ca/www/root-qradar-ca_ca.crt    # on QRadar

cat /opt/qradar/ca/www/intermediate-qradar-ca_ca.crt    # on QRadar

Copy the certificates (from BEGIN CERTIFICATE through END CERTIFICATE) from both files, root-qradar-ca_ca.crt and intermediate-qradar-ca_ca.crt. Create a file named cacert.pem. Paste the root certificate and then the intermediate certificate into cacert.pem.

-----BEGIN CERTIFICATE-----
<root certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<intermediate certificate>
-----END CERTIFICATE-----

Run the following curl command from within a udi worker pod. To run the command from within a udi worker pod:

Log in to the OpenShift console and then navigate to: Home --> Overview --> Nodes --> Click on any worker pod --> Terminal

cacert.pem - certificate chain created in the previous step

SEC - token generated in QRadar

Replace <QRadarIP OR Hostname> with your QRadar IP/Hostname

curl --cacert cacert.pem -X GET -H 'SEC: e8c4117b-2889-4e78-8eb2-1e6ce41de1d7' -H 'Accept: application/json' 'https://<QRadarIP OR Hostname>/api/help/resources'

If the curl command works, you can paste the cacert.pem bundle you created into the certificate section when you create the QRadar data source.

If the curl command fails, there might be an issue with the QRadar certificates themselves.

You can also use the openssl command from a worker node to check which certificates, other than the root and intermediate, are required for a successful data source connection:

openssl s_client -showcerts -servername <servername> -connect <servername:port>
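
The bundle step above can be rehearsed offline. This added example (not IBM's code) builds a constructed throwaway root -> intermediate -> server chain with openssl and shows that `openssl verify` accepts the server certificate only against the combined cacert.pem. The function names, the temporary directory and the CNs are assumptions, and the server is assumed to present only its own certificate.

```shell
#!/bin/sh
# Constructed test data only: a throwaway root -> intermediate -> server chain.

# check_bundle BUNDLE LEAF: succeeds only if LEAF chains to a root in BUNDLE.
check_bundle() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# count_certs FILE: prints the number of PEM certificates in FILE.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# make_chain DIR: creates root.crt, intermediate.crt and server.crt in DIR.
# The root is self-signed, the intermediate is signed by the root, and the
# server (leaf) certificate is signed by the intermediate, not by the root.
make_chain() {
    cdir=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$cdir/ca.ext"
    for name in root intermediate server; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=constructed-$name" \
            -keyout "$cdir/$name.key" -out "$cdir/$name.csr" 2>/dev/null || return 1
    done
    openssl x509 -req -in "$cdir/root.csr" -signkey "$cdir/root.key" \
        -extfile "$cdir/ca.ext" -days 1 -out "$cdir/root.crt" 2>/dev/null &&
    openssl x509 -req -in "$cdir/intermediate.csr" -CA "$cdir/root.crt" \
        -CAkey "$cdir/root.key" -CAcreateserial -extfile "$cdir/ca.ext" \
        -days 1 -out "$cdir/intermediate.crt" 2>/dev/null &&
    openssl x509 -req -in "$cdir/server.csr" -CA "$cdir/intermediate.crt" \
        -CAkey "$cdir/intermediate.key" -CAcreateserial \
        -days 1 -out "$cdir/server.crt" 2>/dev/null
}

# Demo: compare each single file with the combined bundle.
work=$(mktemp -d) && make_chain "$work" || exit 1
# Same order as in the steps above: root first, then intermediate.
cat "$work/root.crt" "$work/intermediate.crt" > "$work/cacert.pem"
for f in root.crt intermediate.crt cacert.pem; do
    if check_bundle "$work/$f" "$work/server.crt"; then r=OK; else r=FAIL; fi
    echo "$f ($(count_certs "$work/$f") certificate(s)): $r"
done
rm -rf "$work"
```

Against a real system, save the server certificate printed by the openssl s_client command above to a file and pass it as the second argument to check_bundle.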

Document Location

Worldwide


Document Information

Modified date:
30 June 2022

UID

ibm16582347