CA SystemEDGE SRM AIM not Monitoring HTTPS sites with TLS Authentication.

Document ID : KB000031294
Last Modified Date : 19/06/2018
Show Technical Document Details
Introduction:

In all Versions of SystemEDGE SRM monitoring HTTPS sites are available.

With a number of SSL vulnerabilities like poodle, and HeartlBleed, people are moving off SSL authentication of SSLvX (like SSLv3) and moving to a more secure TLS authentication.

In the out of the box versions of SystemEDGE SRM, HTTPS sites will fail because SRM is currently using SSLv3 only as the highest Auth version.

A patch has been written as of 8/1/2015 which includes the new Java runtime (jre), and updated code to allow TLS authenticated site monitoring. The TLS monitoring ability within each version of SRM changes as this is highly dependent on the JRE version that is supplied with that SRM version.

JRE 6 will allow TLSv1 and SSLv3

JRE 7/8 will allow TLSv1.2, TLSv1.1, TLSv1, SSLv3.

It is important to note that as the JRE changes that JRE may remove certain legacy ciphers/protocols and if it does then that will no longer be a supported site.

When a published patch becomes available this technical document will be updated. But in the meantime if you encounter problems monitoring TLS based authentication sites with errors like,

"ERROR: jcollector.SATestException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure "

In the SystemEdge Log, you may also see this error; 

"[LOG_FATAL][2018-06-12 12:58:57][Thread:Thread-857][Pass #5]: IOException thrown by the html page download: javax.net.ssl.SSLException: Unsupported record version Unknown-0.0 
[LOG_CRITICAL][2018-06-12 12:58:57][Thread:Thread-857][Pass #5]: [#12039] ERRSRC:https ERRCODE:58 INDEX:12039 NAME: TESTDESC:https://soa.wmata.com_10.10.131.151 ERROR: jcollector.SATestException: javax.net.ssl.SSLException: Unsupported record version Unknown-0.0 "

Please open a support request for SystemEDGE and request the SRM TLS Update and note your version of SystemEDGE. If you are unsure of your version of system edge

cd <installdirectory>\bin

and run snmpget -c <yourreadcommunity> -p <youport (161|1691) -o 1.3.6.1.4.1.546.1.1.1.8.0

Should get

1.3.6.1.4.1.546.1.1.1.8.0 CA Technologies SystemEDGE Agent Version 5.9.0 (5.9 pl
0) (15045)

And note Your O/s in the case as well aka windows 2008, linux 6, etc...

And support will be happy to provide the updated installer and the directions for installation.

Instructions:
Please Update This Required Field