In this post we are going to explain in a simply way how to change the SSL certificate of QRadar. For the folks that already worked with IBM products know how tricky it were, but with QRadar it is way easier. In less than 10 steps you can import your self-signed or trusted certificated into QRadar.
- Get your self-signed or trusted certificate (remember: you need the public and private key);
- Log into your QRadar console using SSH;
- Transfer the certificate to some folder inside the QRadar, example:
/certificates/qradar_priv_certificate.pfx and /certificates/qradar_public_certificate.cer
- Execute the following command: /opt/qradar/bin/install_ssl_cert.sh -i
- The script will ask you the path to the private certificate file. Just type the path you used on step 3.
- The script can ask you the public certificate, just type the path you used on step 3;
- To confirm the change, type ‘y’ and press enter;
- After the completion, restart the hostcontext service using the command:
service hostcontext restart
- After the restarting the service, open the QRadar using HTTPs using your browser and verify the certificate;
Basically, the QRadar will make all the tricky part and will update the SSL certificate for you.
You can find the official documentation about the SSL certificate change in this link (that basically explain this 10 steps in 10 pages).