12-11-2019 01:44 PM
We are also on FMC 6.4.0.4 and cannot add TAXII source. The GUI attempts the POST to FMC API /api/tid_ui/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/taxiiconfig/discoveryinfo. HTML error 500, with these details:
{"error":{"category":"FRAMEWORK","messages":[{"description":"TAXII service failed.","code":"450"}],"severity":"ERROR"}}
12-12-2019 02:58 PM
I traced the error down to the feed_manager process, logs here: /var/opt/lamplighter/log/feed_manager.log
I changed the java execution to get more debugging info, so it will run like this:
java -Djavax.net.debug=ssl,handshake -Xms256m -Xmx256m -XX:+HeapDumpOnOutOfMemoryError -XX:+UseG1GC -XX:InitiatingHeapOccupancyPercent=20 -XX:MinHeapFreeRatio=20 -XX:MaxHeapFreeRatio=30 -XX:MaxGCPauseMillis=400 -XX:G1HeapWastePercent=5 -XX:+UseStringDeduplication -cp .:/var/opt/lamplighter/lib/jar/*:/var/opt/lamplighter/etc/ com.cisco.lamplighter.feedingester.feedmanager.FeedManager
The logs show the following (sanitized and removed cert list for simplicity):
AMQP Connection 127.0.0.1:5671, READ: TLSv1.2 Application Data, length = 1296
12 Dec 2019 18:37:39 [rabbitmq-cxn-7-consumer] INFO c.c.l.f.feedmanager.FeedManager - Received feed: 'null', id: ZDkwODljYTFiOWI3NGFlZGI2NzAxODI1NTNiYzRhMzliZTY1MzIyNg Request discoveryinfo
Ignoring disabled cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
trustStore is: /var/opt/CSCOpx/MDC/vms/jre/lib/security/cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0xc3517
Valid from Mon Jun 21 04:00:00 UTC 1999 until Mon Jun 22 04:00:00 UTC 2020
...
...
...
adding as trusted cert:
Subject: C=ES, O=EDICOM, OU=PKI, CN=ACEDICOM Root
Issuer: C=ES, O=EDICOM, OU=PKI, CN=ACEDICOM Root
Algorithm: RSA; Serial number: 0x618dc7863b018205
Valid from Fri Apr 18 16:24:22 UTC 2008 until Thu Apr 13 16:24:22 UTC 2028
trigger seeding of SecureRandom
done seeding SecureRandom
12 Dec 2019 18:37:40 [rabbitmq-cxn-7-consumer] INFO DiscoveryClient - Request:
Message Type: Discovery_Request
Message ID: urn:uuid:804d0e88-af0f-43b9-9ea2-bf27cf024d7a
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1559332852 bytes = { 177, 171, 188, 67, 64, 2, 164, 39, 170, 211, 26, 246, 90, 111, 140, 100, 72, 204, 100, 176, 39, 135, 104, 154, 173, 58, 94, 193 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
***
rabbitmq-cxn-7-consumer, WRITE: TLSv1.2 Handshake, length = 199
rabbitmq-cxn-7-consumer, READ: TLSv1.2 Alert, length = 2
rabbitmq-cxn-7-consumer, RECV TLSv1.2 ALERT: fatal, handshake_failure
rabbitmq-cxn-7-consumer, called closeSocket()
rabbitmq-cxn-7-consumer, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
12 Dec 2019 18:37:40 [rabbitmq-cxn-7-consumer] INFO DiscoveryClient - Not DiscoveryResponse. Object is instance of [org.mitre.taxii.messages.xml11.StatusMessage]
12 Dec 2019 18:37:40 [rabbitmq-cxn-7-consumer] ERROR c.c.l.f.feedmanager.FeedManager - Failed to process UI feed update from [taxii_feed_manager] {"id":"ZDkwODljYTFiOWI3NGFlZGI2NzAxODI1NTNiYzRhMzliZTY1MzIyNg","version":"1.0.0","type":"source","refresh":0,"username":"6f7d794a349f694b48f2dSANITIZEDc44d35bf99694947fdb","passwd":"","uri":"https://otx.alienvault.com/taxii/discovery","clientCert":"","clientPrivateKey":"","caCert":"","startHour":18,"downloadOn":false,"runNow":false,"lastRun":0,"finishTime":0,"nextRun":0,"totalIndicators":0,"consumedIndicators":0,"updatedIndicators":0,"di...}}
java.lang.Exception: Exception: Received fatal alert: handshake_failure
at com.cisco.lamplighter.feedingester.taxiiclient.DiscoveryClient.getDiscoveryInformation(DiscoveryClient.java:76) ~[feedingester-1.4.0-1074-SNAPSHOT.jar:na]
at com.cisco.lamplighter.feedingester.feedmanager.FeedManager.processMessage(FeedManager.java:141) ~[feedingester-1.4.0-1074-SNAPSHOT.jar:na]
at com.cisco.lamplighter.common.framework.ProcessFramework$1.handleDelivery(ProcessFramework.java:291) [common-1.4.0-1074-SNAPSHOT.jar:na]
at net.jodah.lyra.internal.ConsumerDelegate.handleDelivery(ConsumerDelegate.java:53) [lyra-0.5.2.jar:na]
at com.rabbitmq.client.impl.ConsumerDispatcher$5.run(ConsumerDispatcher.java:149) [amqp-client-3.6.6.jar:3.6.6]
at com.rabbitmq.client.impl.ConsumerWorkService$WorkPoolRunnable.run(ConsumerWorkService.java:100) [amqp-client-3.6.6.jar:3.6.6]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_181]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_181]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_181]
12 Dec 2019 18:37:40 [rabbitmq-cxn-7-consumer] INFO c.c.l.f.feedmanager.FeedManager - Reply to [ll_host_rest_response] : Exception: Received fatal alert: handshake_failure
rabbitmq-cxn-7-consumer, WRITE: TLSv1.2 Application Data, length = 240
Please help.
12-13-2019 09:04 AM
Found out that in a normal SSL handshake, the server_name extension is passed and I can connect to AlienVault OTX. I tested this with my own java code using same libraries and same JRE version running from the FMC:
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
Extension server_name, server_name: [type=host_name (0), value=otx.alienvault.com]
***
main, WRITE: TLSv1.2 Handshake, length = 226
main, READ: TLSv1.2 Handshake, length = 61
Yet, in the feed_manager logs, that extension is missing, hence AlienVault drops the SSL connection:
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
>>>> NO server_name extension here!
***
rabbitmq-cxn-7-consumer, WRITE: TLSv1.2 Handshake, length = 199
rabbitmq-cxn-7-consumer, READ: TLSv1.2 Alert, length = 2
rabbitmq-cxn-7-consumer, RECV TLSv1.2 ALERT: fatal, handshake_failure
12-16-2019 08:48 AM
I found the issue in the following jar file: /var/opt/lamplighter/lib/jar/feedingester-1.4.0-1074-SNAPSHOT.jar
There are two lines like this that disable the SNI extension:
System.setProperty("jsse.enableSNIExtension", "false");
PS: Not recommended, but if you patch the jar file, the TAXII feed now works with otx.alienvault.com, or any other that needs SNI.
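The diagnosis in this thread rests on comparing two ClientHello dumps by eye. The script below, added here and not code from the thread or from FMC, automates that comparison over javax.net.debug=ssl,handshake output: for each ClientHello it reports the server_name value (None when SNI was omitted) together with the alert the server replied with. The embedded log is a constructed sample modelled on the two excerpts above, not a real capture.

```python
"""Flag ClientHellos without SNI in javax.net.debug=ssl,handshake output.

Added example, not code from the thread or from FMC: it automates the
poster's manual comparison of the two log excerpts (server_name present
vs. absent, followed by the server's alert).
"""
import re
from typing import List, Optional, Tuple

# Constructed sample modelled on the two excerpts in the thread, not a real capture.
SAMPLE_LOG = """\
*** ClientHello, TLSv1.2
Extension elliptic_curves, curve names: {secp256r1, secp384r1}
Extension ec_point_formats, formats: [uncompressed]
Extension extended_master_secret
***
rabbitmq-cxn-7-consumer, WRITE: TLSv1.2 Handshake, length = 199
rabbitmq-cxn-7-consumer, READ: TLSv1.2 Alert, length = 2
rabbitmq-cxn-7-consumer, RECV TLSv1.2 ALERT: fatal, handshake_failure
*** ClientHello, TLSv1.2
Extension elliptic_curves, curve names: {secp256r1, secp384r1}
Extension extended_master_secret
Extension server_name, server_name: [type=host_name (0), value=otx.alienvault.com]
***
main, WRITE: TLSv1.2 Handshake, length = 226
main, READ: TLSv1.2 Handshake, length = 61
"""

EXT_RE = re.compile(r"^Extension (\w+)")
SNI_RE = re.compile(r"type=host_name \(0\), value=([^\]]+)\]")
ALERT_RE = re.compile(r"RECV TLSv1\.\d ALERT: \w+, (\w+)")

# One tuple per ClientHello: (SNI host or None, server alert name or None)
Finding = Tuple[Optional[str], Optional[str]]

def sni_findings(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    in_hello = False          # between "*** ClientHello" and its closing "***"
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("*** ClientHello"):
            findings.append((None, None))
            in_hello = True
        elif line == "***":
            in_hello = False  # ServerHello blocks share the markers; their extensions are skipped
        elif not findings:
            continue
        elif in_hello and EXT_RE.match(line) and "server_name" in line:
            host = SNI_RE.search(line).group(1)
            findings[-1] = (host, findings[-1][1])
        elif ALERT_RE.search(line):
            findings[-1] = (findings[-1][0], ALERT_RE.search(line).group(1))
    return findings

def missing_sni(log_text: str) -> List[Finding]:
    """Handshakes that sent no server_name extension, with the server's reaction."""
    return [f for f in sni_findings(log_text) if f[0] is None]
```

Run against a real feed_manager.log captured with -Djavax.net.debug=ssl,handshake, a result such as (None, "handshake_failure") points at the missing SNI rather than at certificates or cipher suites.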