search cancel

LogRhythm API certificate error trying to download WSS logs via SYncAPI


Article ID: 229490


Updated On:


Web Security Service - WSS


SOC reported that LogRhythm SIEM is not able to pull logs from WSS 

LogRhythm support found that the connections to are failing with error "Unable to communicate securely with peer: requested domain name does not match the server's certificate"

According to Download Audit Logs with REST API, the REST API URL references

Manually browsing to that URL as shown below returns the same error and a certificate with only one SAN which indeed doesn't match: "DNS Name=*".

$ curl "" -H "X-APIUsername:1234fa8d-0b91-4c0b-b9ea-8d1e6xxxxxx" -H "X-APIPassword:1234ea043-1234-457c-871c-yyyyyyb8bc8" -o
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 8319k    0 8319k    0     0   540k      0 --:--:--  0:00:14 --:--:--  785k
$ curl "" -H "X-APIUsername:1234fa8d-0b91-4c0b-b9ea-8d1exxxxxxx" -H "X-APIPassword:1234ea043-1234-457c-871c-yyyyyyb8bc8" -o
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL: no alternative certificate subject name matches target host name ''
More details here:



LogRhythm SIEM solution

WSS SyncAPI endpoints


SIEM client referencing wrong domain

Documentation has been cleared to reference the, and not domain



Make sure that the SIEM (LogRhythm here) points to domain.