search

TheHive-Project / TheHive

TheHive: a Scalable, Open Source and Free Security Incident Response Platform
https://thehive-project.org
GNU Affero General Public License v3.0
3.45k stars 625 forks source link

MISP unknown version error - can't connect to thehive via ssl (ssl config) #1184

Open fw587 opened 4 years ago

fw587 commented 4 years ago

Work Environment

Question Answer
OS version (server) CentOS

Problem Description

Dear guys

I config a misp server that use apache server and is https and work well, separately . ssl has configured by openssl and Generate Self-Signed Certificate. So 3 file include .crt and .key and .csr has been generated and working well.

on the hive side, and the application.conf, and conifg section of misp, Because that we need to give keys on java format and I generated keys for apache server using openssl, I need to generate keystore (JKS) file. I try to Create JKS KeyStore file from existing private key and certificate(exist on misp server) via this:

openssl pkcs12 -export -in [path to certificate] -inkey [path to private key] -certfile [path to certificate ] -out testkeystore.p12

keytool -importkeystore -srckeystore testkeystore.p12 -srcstoretype pkcs12 -destkeystore KEYSTORE.jks -deststoretype JKS

now I transfer KEYSTORE.jks to the hive server. BUT, it can not connect to the misp server. instead when misp web server is in http and not httpS, everything is ok and can connect to each other.

thehive is work well . misp is work well,too. without HTTPS config and on http, they can export and import to each other. would you please explain what is the problem and how ssl config should be? THX

MISP config part:

play.modules.enabled += connectors.misp.MispConnector misp {

Interval between consecutive MISP event imports in hours (h) or

minutes (m).

interval = 1m "MISP-SERVER-ID" {

MISP connection configuration requires at least an url and a key. The key must

be linked with a sync account on MISP.

url = "https://x.x.x.x"
key = "xxxxxxxxx"

ws.ssl.keyManager { stores = [ { type: "JKS" path: "KEYSTORE.jks" password: "xxxxx" } ] }

456 123

3nk0d3r commented 4 years ago

Take a look: https://blog.agood.cloud/posts/2019/09/29/integrate-misp-to-thehive/

fw587 commented 4 years ago

Take a look: https://blog.agood.cloud/posts/2019/09/29/integrate-misp-to-thehive/

Thx for answer. I check it out and understood my configuration is like that. and there is no problem. actually ssl configures are corrected on misp server. and misp server is used https. I guess the problem is that i'm not sure the way I should configures ssl on application.conf of thehive. as I told before .crt and .key and .csr has been generated and working well. and there are created by openssl. but thehive need JKS format.

pariiiiiisa commented 2 years ago

you need to add this : wsConfig { ssl.loose.acceptAnyCertificate = true }

and restart the service .