Changing the SSL Certificate
In this post we are going to explain in a simply way how to change the SSL certificate of QRadar. For the folks that already worked with IBM products know how tricky it were, but with QRadar it is way easier. In less than 10 steps you can import your self-signed or trusted certificated into QRadar.
- Get your self-signed or trusted certificate (remember: you need the public and private key);
- Log into your QRadar console using SSH;
- Transfer the certificate to some folder inside the QRadar, example:
/certificates/qradar_priv_certificate.pfx and /certificates/qradar_public_certificate.cer
- Execute the following command: /opt/qradar/bin/install_ssl_cert.sh -i
- The script will ask you the path to the private certificate file. Just type the path you used on step 3.
- The script can ask you the public certificate, just type the path you used on step 3;
- To confirm the change, type ‘y’ and press enter;
- After the completion, restart the hostcontext service using the command:
service hostcontext restart
- After the restarting the service, open the QRadar using HTTPs using your browser and verify the certificate;
Basically, the QRadar will make all the tricky part and will update the SSL certificate for you.
You can find the official documentation about the SSL certificate change in this link (that basically explain this 10 steps in 10 pages).
3 thoughts on “Changing the SSL Certificate”
April 4, 2014 at 10:58 am
Be advised: SSL certificate change can cause Wincollect communication disruption with QRadar.
April 4, 2014 at 2:35 pm
Good catch Charkh. The SSL certificate replacement should be aligned with the WinCollect servers!
November 21, 2014 at 9:08 pm
Does the install_ssl_cert.sh script natively support PCKS12 (.pfx) now? Last time I did this on QRadar (Version 7.0.0 MR5 I believe), you had to convert the PFX file to another supported format using OpenSSL or similar tool.