02-19-2010 06:33 AM
Hello,
We recently replaced our self-signed SSL certificates with certificates provided by our agency. After the change subscription attempts to the collector in [RME>Tools>Syslog>Syslog Collector Status] failed: SCLA0126: Could not subscribe to the Collector.
I believe the problem originates with the way the CSRs are handled. An identification number rather than the actual FQDN must be provided in the common name field, and this number is expected by the CA. A chain was built with multiple government CAs, and warnings were received that the chain does not end in a trusted CA. My hands are bound by this policy - is there a way to make this work or any suggested workaround? Tried a DNS CNAME with the id number. No joy. I haven't tried renaming the host to the id number, but I might if you think it might work, and then will just CNAME the current hostname. We are running Solaris 10 systems. Here is the error from AnalyzerDebug.log:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1584)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:866)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:678)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
at java.io.ObjectInputStream$PeekInputStream.read(ObjectInputStream.java:2213)
at java.io.ObjectInputStream$PeekInputStream.readFully(ObjectInputStream.java:2226)
at java.io.ObjectInputStream$BlockDataInputStream.readShort(ObjectInputStream.java:2694)
at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:761)
at java.io.ObjectInputStream.<init>(ObjectInputStream.java:277)
at com.cisco.nm.rmeng.fcss.common.FcssSyslogCollector.<init>(FcssSyslogCollector.java:95)
at com.cisco.nm.rmeng.sa.SyslogAnalyzerEngine.notifySubscribers(SyslogAnalyzerEngine.java:975)
at com.cisco.nm.rmeng.sa.SyslogAnalyzerEngine.start(SyslogAnalyzerEngine.java:1031)
at com.cisco.nm.rmeng.sa.SyslogAnalyzerService.main(SyslogAnalyzerService.java:55)
Thanks....!!!
= Uwe =
02-19-2010 07:51 AM
Are you seeing any other errors relating to certificates? Are you using Apache in SSL mode? If so, is it working? This problem may not be certificate-related. If you have lsof installed, post the output of:
lsof -i :3333
lsof -i :4444
02-19-2010 07:58 AM
Thanks for the fast reply. Web access is working on port 443. The only problem that crept up is the syslog collector issue. Both collector and analyzer processes are running. I don't have lsof on the boxes but I'll try to get a version and install it today.