Changing the SSL Certificate


In this post we are going to explain in a simple way how to change the SSL certificate of QRadar. Folks who have already worked with IBM products know how tricky this used to be, but with QRadar it is far easier. In less than 10 steps you can import your self-signed or trusted certificate into QRadar.

  • Get your self-signed or trusted certificate (remember: you need both the public and the private key);
  • Log in to your QRadar console using SSH;
  • Transfer the certificate files to a folder inside QRadar, for example:
    /certificates/qradar_priv_certificate.pfx and /certificates/qradar_public_certificate.cer
  • Execute the following command: /opt/qradar/bin/install_ssl_cert.sh -i
  • The script will ask you for the path to the private certificate file. Type the path you used in step 3;
  • The script may also ask you for the public certificate; type the path you used in step 3;
  • To confirm the change, type ‘y’ and press Enter;
  • After completion, restart the hostcontext service using the command:
    service hostcontext restart
  • After restarting the service, open QRadar over HTTPS in your browser and verify the certificate.
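A pre-flight check that can be run before install_ssl_cert.sh (an added example, not part of the original post or of QRadar): it confirms that the private key matches the certificate and that the certificate has not expired. It assumes an unencrypted PEM private key and a PEM or DER certificate; the function names and the file paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: check a key/certificate pair before install_ssl_cert.sh.
# Assumes an unencrypted PEM private key; the certificate may be PEM or DER.

# Emit the certificate as PEM, trying PEM input first and then DER.
read_cert() {
    openssl x509 -in "$1" -outform PEM 2>/dev/null ||
        openssl x509 -inform DER -in "$1" -outform PEM 2>/dev/null
}

# Returns 0 = pair is usable, 1 = key/cert mismatch,
#         2 = a file could not be parsed, 3 = certificate expired.
check_cert_pair() {
    key_file=$1
    cert_file=$2

    cert_pem=$(read_cert "$cert_file") || cert_pem=
    if [ -z "$cert_pem" ]; then
        echo "cannot parse certificate: $cert_file" >&2
        return 2
    fi

    # Derive the public key from each file; they must be identical.
    cert_pub=$(printf '%s\n' "$cert_pem" | openssl x509 -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key_file" -pubout 2>/dev/null) || key_pub=
    if [ -z "$key_pub" ]; then
        echo "cannot parse private key: $key_file" >&2
        return 2
    fi
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 1
    fi

    # -checkend 0 fails when the certificate is already past notAfter.
    if ! printf '%s\n' "$cert_pem" | openssl x509 -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate has expired" >&2
        return 3
    fi

    # Show what is about to be installed so the operator can confirm it.
    printf '%s\n' "$cert_pem" | openssl x509 -noout -subject -enddate
}

# Hypothetical usage: ./check_pair.sh /certificates/key.pem /certificates/cert.pem
if [ "$#" -eq 2 ]; then
    check_cert_pair "$1" "$2"
fi
```

A non-zero return means the pair should not be handed to the install script until the files are corrected.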

Basically, QRadar does all the tricky work and updates the SSL certificate for you.

You can find the official documentation about the SSL certificate change in this link (which basically explains these 10 steps in 10 pages).


3 thoughts on “Changing the SSL Certificate”

    Charkh said:
    April 4, 2014 at 10:58 am

    Be advised: SSL certificate change can cause Wincollect communication disruption with QRadar.

      RicardoReimão responded:
      April 4, 2014 at 2:35 pm

      Good catch Charkh. The SSL certificate replacement should be aligned with the WinCollect servers!

    William said:
    November 21, 2014 at 9:08 pm

    Does the install_ssl_cert.sh script natively support PKCS12 (.pfx) now? Last time I did this on QRadar (Version 7.0.0 MR5 I believe), you had to convert the PFX file to another supported format using OpenSSL or a similar tool.
