Workflow may be unable to communicate with investigator if a strong cipher like AES256 is used in the reporting server's nginx configuration. Other weaker ciphers seem to pose no problem, however if AES256 is set as the only available cipher Workflow may fail to retrieve the rules from Investigator.
A sample of ciphers that appear to work are: ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
The one that doesn't work is: ssl_ciphers 'AES256+EECDH';
If stronger Cryptographic algorithms are needed (for example, AES with 256-bit keys), the JCE Unlimited Strength Jurisdiction Policy Files must be obtained and installed, and Workflow must be restarted:
- Navigate to the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 download page.
- Download the archive jce_policy-8.zip
- Extract local_policy.jar and US_export_policy.jar from the archive to the %JAVA_HOME%\jre\lib\security directory on all Interset servers, overwriting the files already present in the directory.
- Navigate to the Ambari console
- Click on Storm
- Click on Quick Links -> Storm UI
- Click on the "Workflow_0" Topology (or repeat the following steps for each Topology)
- Click on "Kill" under "Topology Actions"
- On the Master node where Analytics is installed, run the following command to restart Workflow: storm jar /opt/interset/rules/libs/rules-5.0.jar com.interset.rules.RulesTopology /opt/interset/rules/conf/rules.conf