
NSP Certificate Error


Deploying changes to an M-8000 sensor fails every time. We're seeing these errors:

2016-04-28 14:40:11,528 ERROR [PktlogNIOChannelServerPool- 4] iv.core.ControlChannel.NIO - ControlChannelWorkers : ************* An in-valid client (/x.x.x.124:42148) trying to connect to Control Channel server (/x.x.x.55:8503). SSLHandShake error occured : javax.net.ssl.SSLHandshakeException: General SSLEngine problem. javax.net.ssl.SSLHandshakeException: General SSLEngine problem. sun.security.validator.ValidatorException: Certificate signature validation failed. java.security.SignatureException: Signature does not match..

2016-04-28 14:40:11,636 ERROR [TwoWayNIOChannelServerPool- 7] iv.core.ControlChannel.NIO - ControlChannelWorkers : ************* An in-valid client (/x.x.x.125:59511) trying to connect to Control Channel server (/x.x.x.55:8502). SSLHandShake error occured : javax.net.ssl.SSLHandshakeException: General SSLEngine problem. javax.net.ssl.SSLHandshakeException: General SSLEngine problem. java.security.cert.CertificateExpiredException: NotAfter: Sat Jul 09 16:41:18 EDT 2011.

2016-04-28 14:40:11,745 ERROR [TwoWayNIOChannelServerPool- 8] iv.core.ControlChannel.NIO - ControlChannelWorkers : ************* An in-valid client (/x.x.x.176:34870) trying to connect to Control Channel server (/x.x.x.55:8502). SSLHandShake error occured : javax.net.ssl.SSLHandshakeException: General SSLEngine problem. javax.net.ssl.SSLHandshakeException: General SSLEngine problem. sun.security.validator.ValidatorException: Certificate signature validation failed. java.security.SignatureException: Signature does not match..

2016-04-28 14:40:11,747 ERROR [TwoWayNIOChannelServerPool- 1] iv.core.ControlChannel.NIO - ControlChannelWorkers : ************* An in-valid client (/x.x.x.125:59513) trying to connect to Control Channel server (/x.x.x.55:8502). SSLHandShake error occured : javax.net.ssl.SSLHandshakeException: General SSLEngine problem. javax.net.ssl.SSLHandshakeException: General SSLEngine problem. java.security.cert.CertificateExpiredException: NotAfter: Sat Jul 09 16:41:18 EDT 2011.

2016-04-28 14:40:11,755 ERROR [TwoWayNIOChannelServerPool- 2] iv.core.ControlChannel.NIO - ControlChannelWorkers : ************* An in-valid client (/x.x.x.124:42149) trying to connect to Control Channel server (/x.x.x.55:8502). SSLHandShake error occured : javax.net.ssl.SSLHandshakeException: General SSLEngine problem. javax.net.ssl.SSLHandshakeException: General SSLEngine problem. sun.security.validator.ValidatorException: Certificate signature validation failed. java.security.SignatureException: Signature does not match..

2016-04-28 14:40:12,195 ERROR [TwoWayNIOChannelServerPool- 5] iv.core.ControlChannel.NIO - ControlChannelWorkers : ************* An in-valid client (/x.x.x.176:34871) trying to connect to Control Channel server (/x.x.x.55:8502). SSLHandShake error occured : javax.net.ssl.SSLHandshakeException: General SSLEngine problem. javax.net.ssl.SSLHandshakeException: General SSLEngine problem. sun.security.validator.ValidatorException: Certificate signature validation failed. java.security.SignatureException: Signature does not match..

2016-04-28 14:40:12,283 INFO  [TwoWayNIOChannelServerPool- 10] iv.common - java.lang.String@42c892d[Server type=ALERT_CHANNEL,Ciphers={TLS_RSA_WITH_AES_128_CBC_SHA}]

2016-04-28 14:40:15,521 ERROR [TwoWayNIOChannelServerPool- 8] iv.core.ControlChannel.NIO - ControlChannelWorkers : ************* An in-valid client (/x.x.x.124:42150) trying to connect to Control Channel server (/x.x.x.55:8502). SSLHandShake error occured : javax.net.ssl.SSLHandshakeException: General SSLEngine problem. javax.net.ssl.SSLHandshakeException: General SSLEngine problem. sun.security.validator.ValidatorException: Certificate signature validation failed. java.security.SignatureException: Signature does not match..

Any idea what could cause this and how to solve it?


Re: NSP Certificate Error


Hi Bblanchard,

What manager / sensor software are you using?

Are you still receiving alerts from this sensor?

Can you log on to the sensor?

Have you run the checkmanagerconnectivy command from the CLI?

Have you tried breaking and recreating the trust between the manager and sensor?

Have you tried de-installing and reinstalling the sensor?

Peter


Re: NSP Certificate Error


Will breaking the trust cause any traffic outage? Will the sensor stop processing traffic at any point?


Re: NSP Certificate Error


The sensors will cache alerts until trust is re-established. It will not stop processing traffic but the alerts generated may fall off in a FIFO fashion if it cannot upload to the NSM within a few days. The length of time alerts are stored depends on a lot of different factors but for what you are trying to do here it shouldn't be an issue.

BTW, it is possible that this error is related to Java versioning. Upgrading the NSM software to 8.3 MAY fix it but proceed down that road with caution if it comes to that, as it is a full NSM upgrade just like any other. It does, however, get rid of the Java dependencies.


Re: NSP Certificate Error


Hi Bblanchard,

Were you able to resolve the issue?

There is a resolved issue listed in the Network Security Platform 8.2.7.83-8.2.3.113 M-Series Release Notes (PD26443):

1082873 Error in connecting with alert and log channel as ems.log shows SSLHandshakeException.

It's lacking in detail but if you're not already on manager version 8.2.7.83 it may be worth asking support for more details.

Regards

Peter

Re: NSP Certificate Error


Yes, I realized that these errors and the issues we were having are not related.

These error messages were caused by old IPS sensors, which were supposed to be decommissioned, trying to connect to the manager.

Our original issue was caused by a Snort signature which was not supported by the new version of the manager (we upgraded from 7.x to 8.x).



Re: NSP Certificate Error


Hey bblanchard,

Glad to hear you got it fixed. I always wipe the config from the sensor using the factorydefaults command from the CLI when I deinstall and delete them; this stops them from being reconnected to the manager.

Regards

Peter
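
An added example, not part of the original thread and not McAfee tooling: a small triage script for the ems.log lines quoted above. It groups rejected control-channel handshakes by client address and failure reason, then lists the clients that are not in an inventory of active sensors, which is how stale, supposedly decommissioned sensors would show up. The sample log is constructed, and the `active_sensors` inventory list is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the ems.log format quoted in this thread; addresses
# are from the 192.0.2.0/24 documentation range, not the poster's sensors.
SAMPLE_LOG = """\
2016-04-28 14:40:11,528 ERROR [PktlogNIOChannelServerPool- 4] iv.core.ControlChannel.NIO - ControlChannelWorkers : ************* An in-valid client (/192.0.2.124:42148) trying to connect to Control Channel server (/192.0.2.55:8503). SSLHandShake error occured : javax.net.ssl.SSLHandshakeException: General SSLEngine problem. sun.security.validator.ValidatorException: Certificate signature validation failed. java.security.SignatureException: Signature does not match..
2016-04-28 14:40:11,636 ERROR [TwoWayNIOChannelServerPool- 7] iv.core.ControlChannel.NIO - ControlChannelWorkers : ************* An in-valid client (/192.0.2.125:59511) trying to connect to Control Channel server (/192.0.2.55:8502). SSLHandShake error occured : javax.net.ssl.SSLHandshakeException: General SSLEngine problem. java.security.cert.CertificateExpiredException: NotAfter: Sat Jul 09 16:41:18 EDT 2011.
2016-04-28 14:40:11,747 ERROR [TwoWayNIOChannelServerPool- 1] iv.core.ControlChannel.NIO - ControlChannelWorkers : ************* An in-valid client (/192.0.2.125:59513) trying to connect to Control Channel server (/192.0.2.55:8502). SSLHandShake error occured : javax.net.ssl.SSLHandshakeException: General SSLEngine problem. java.security.cert.CertificateExpiredException: NotAfter: Sat Jul 09 16:41:18 EDT 2011.
2016-04-28 14:40:12,283 INFO  [TwoWayNIOChannelServerPool- 10] iv.common - java.lang.String@42c892d[Server type=ALERT_CHANNEL,Ciphers={TLS_RSA_WITH_AES_128_CBC_SHA}]
2016-04-28 14:40:12,195 ERROR [TwoWayNIOChannelServerPool- 5] iv.core.ControlChannel.NIO - ControlChannelWorkers : ************* An in-valid client (/192.0.2.176:34871) trying to connect to Control Channel server (/192.0.2.55:8502). SSLHandShake error occured : javax.net.ssl.SSLHandshakeException: General SSLEngine problem. java.security.SignatureException: Signature does not match..
"""

# One rejected handshake: timestamp, client address, manager listening port.
HANDSHAKE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+ ERROR .*?"
    r"client \(/(?P<client>[\d.]+):\d+\).*?"
    r"server \(/[\d.]+:(?P<port>\d+)\)\. SSLHandShake error")
NOT_AFTER_RE = re.compile(r"CertificateExpiredException: NotAfter: (?P<when>.+?)\.$")

def classify(line):
    """Return (reason, not_after) taken from the innermost exception."""
    expired = NOT_AFTER_RE.search(line)
    if expired:
        return "expired", expired.group("when")
    if "SignatureException: Signature does not match" in line:
        return "signature-mismatch", None
    return "other", None

def rejected_clients(log_text):
    """Group failed control-channel handshakes by client address."""
    clients = defaultdict(lambda: {"count": 0, "ports": set(), "reasons": set(),
                                   "not_after": None, "last_seen": None})
    for line in log_text.splitlines():
        m = HANDSHAKE_RE.search(line)
        if not m:
            continue  # INFO lines and errors that are not rejected handshakes
        reason, when = classify(line.strip())
        entry = clients[m.group("client")]
        entry["count"] += 1
        entry["ports"].add(int(m.group("port")))
        entry["reasons"].add(reason)
        entry["not_after"] = when or entry["not_after"]
        entry["last_seen"] = max(entry["last_seen"] or "", m.group("ts"))
    return dict(clients)

def unexpected_clients(log_text, active_sensors):
    """Rejected clients missing from the (assumed) active-sensor inventory."""
    return sorted(set(rejected_clients(log_text)) - set(active_sensors))
```

A client that keeps presenting a certificate whose NotAfter date is years in the past, or one whose signature no longer validates against the manager's trust, is a candidate for a sensor that was deinstalled on the manager but never wiped.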
