Troubleshooting
Problem
This article describes that Managed Hosts inside the same NAT group have no problems talking to the console. Instead, Managed Hosts in different NAT groups find there is a problem as they can't find a SAN that matches the public IP.
Resolving The Problem
It is not generally best practice to include multiple IP addresses in the list of SAN but it is possible.
Create new certificate
- Download the following files.
- Make the following edits to those files:
- Edit ca.cfg to include the internal IP address of the Console
- Edit create_test_ca.sh to replace .cer extension with .der extension
- Copy these scripts to your Console.
- Run the following commands:
Install the new Certificate
- Follow the steps here to install a new SSL certificate.
https://www.ibm.com/support/knowledgecenter/SS42VS_7.4/com.ibm.qradar.doc/t_qradar_adm_ssl_installing.html
Results
Agents connected to the MHs on different NAT groups are now able to talk to the Console without getting errors from the trust manager.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtwAAA","label":"WinCollect"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
13 September 2022
UID
ibm16619087