On 04/29/2019 11:14 PM, Mohit verma02 wrote:
>
> SSPR was successfully sending events to Sentinel when I configured with
> port 1468(TCP).


Just so we're clear here, TCP 1468 is a cleartext port by default, so data
on the wire are not encrypted at all. This is important in about one second.

> However moment I changed to 1443,it has stopped and seeing below error
> in logs.


I have not setup SSPR to audit to Sentinel with TLS/SSL; is there an
option within SSPR to not only change the port (1468 to 1443) but also to
change SSPR to negotiate the TLS/SSL side? The latter change is not
implied by the former, so unless you did something (e.g. checked a
checkbox indicating TLS/SSL should be used on the client/SSPR side) the
data will still be cleartext/plaintext, as the error message states.

> Please note that I want to use Client Authentication as "Open" and
> Server Key pairs as Internal (default).So confused why it is showing


These are, as I recall, settings on the Sentinel connector side, and
that's fine probably.

> below error as the Open configuration means no certificate validation
> required at all.
> Anyone can help in this?
>
> "Tue Apr 30 14:48:54 AEST
> 2019|SEVERE|SyslogSSLReader-144445|esecurity.ccs.comp.evtsrcmgt.connector.sysl ogserver.DeviceSensorTCPListener$DeviceReader.runS ensor
> DeviceSensor error
> javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
> connection?


The text here seems to indicate you have not told the client (SSPR) to use
TLS/SSL, so it is still trying to make a connection without that, which of
course will not work.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.