REPLACING THE SSL CERTIFICATE



Security Threat Response Manager

REPLACING THE SSL CERTIFICATE

Release 2013.2

Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
408-745-2000
www.juniper.net

Published: 2013-07-19

Copyright Notice

Copyright 2013 Juniper Networks, Inc. All rights reserved.

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc.

The following terms are trademarks or registered trademarks of other companies: Java™ and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.

All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

FCC Statement

The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. The equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.

The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it is not installed in accordance with Juniper Networks installation instructions, it may cause interference with radio and television reception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: Reorient or relocate the receiving antenna. Increase the separation between the equipment and receiver. Consult the dealer or an experienced radio/TV technician for help. Connect the equipment to an outlet on a circuit different from that to which the receiver is connected.

Caution: Changes or modifications to this product could void the user's warranty and authority to operate this device.

Disclaimer

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT, SUBJECT TO THE MODIFICATIONS SET FORTH BELOW ON THIS PAGE, ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR JUNIPER NETWORKS REPRESENTATIVE FOR A COPY.

Replacing the SSL Certificate
Release 2013.2
Copyright 2013, Juniper Networks, Inc. All rights reserved. Printed in USA.

Revision History
July 2013 Replacing the SSL Certificate

The information in this document is current as of the date listed in the revision history.

END USER LICENSE AGREEMENT

The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement ("EULA") posted at http://www.juniper.net/support/eula.html, as modified by the following text, which shall be treated under the EULA as an Entitlement Document taking precedence over any conflicting provisions of such EULA as regards such software:

As regards software accompanying the STRM products (the "Program"), such software contains software licensed by Q1 Labs and is further accompanied by third-party software that is described in the applicable documentation or materials provided by Juniper Networks.

For the convenience of Licensee, the Program may be accompanied by a third party operating system. The operating system is not part of the Program, and is licensed directly by the operating system provider (e.g., Red Hat Inc., Novell Inc., etc.) to Licensee. Neither Juniper Networks nor Q1 Labs is a party to the license between Licensee and the third party operating system provider, and the Program includes the third party operating system "AS IS", without representation or warranty, express or implied, including any implied warranty of merchantability, fitness for a particular purpose or non-infringement. For an installed Red Hat operating system, see the license file: /usr/share/doc/redhat-release-server-6server/eula.

By downloading, installing or using such software, you agree to the terms and conditions of that EULA as so modified.

CONTENTS

1 REPLACING THE SSL CERTIFICATE
    Understanding SSL Certificates
    Replacing the Default SSL Certificate

1 REPLACING THE SSL CERTIFICATE

By default, STRM provides an untrusted SSL certificate. You can replace the untrusted SSL certificate with a self-signed or trusted certificate.

Unless otherwise noted, all references to STRM refer to STRM, STRM Log Manager, and STRM Network Anomaly Detection. References to flows do not apply to STRM Log Manager.

Understanding SSL Certificates

Secure Sockets Layer (SSL) is the transaction security protocol used by websites to provide an encrypted link between a web server and a browser. SSL is an industry standard and is used by websites to protect online transactions. To be able to generate an SSL link, a web server requires an SSL certificate. SSL certificates are issued by software and trusted third-party certifying authorities.

Generally available software, such as OpenSSL or Microsoft's Certificate Services manager, issues SSL certificates. These certificates are not inherently trusted by browsers, because they are not issued by a recognized authority. Although they can be used for encrypting data, there is no third-party assurance regarding the identity of the server sending the certificate. They cause browsers to display warning messages that inform the user that the certificate has not been issued by an entity that the user has chosen to trust.

Trusted third-party certification authorities, such as VeriSign or Thawte, use their trusted position to issue trusted SSL certificates. SSL certificates issued by trusted certification authorities do not display a warning and transparently establish a secure link between a website and a browser.

Browsers and operating systems include a pre-installed list of trusted certification authorities, known as the Trusted Root CA (Certificate Authority) store. As Microsoft and Mozilla provide the major operating systems and browsers, they elect whether or not to include the certification authority into the Trusted Root CA store, thereby giving the certification authority its trusted status. Java™ Runtime Environment provides a set of trusted certificate authorities, as selected by Sun Microsystems.

For the purpose of establishing SSL connections between the browser and Console, STRM trusts any certificate that is issued, directly or indirectly, from a trusted root CA in the browser and Java™ keystore.

For the purpose of establishing all internal SSL connections between components, STRM does not trust certificates issued by a recognized authority. Instead, you must use the web server certificate pre-installed on the Console.

Replacing the Default SSL Certificate

You can replace the untrusted SSL certificate with either a self-signed certificate or a certificate issued by a trusted third-party certifying authority.

Before you begin

CAUTION: Do not encrypt the private key when installing or replacing an SSL certificate. If you encrypt the private key, your Console system pauses until you manually enter a password each time the Console restarts. This delay can disrupt event collection.

About this task

NOTE: SSL certificates issued from some vendors, such as VeriSign, require an intermediate certificate. You must download the intermediate certificate from the vendor and use it during the configuration.

To replace the SSL certificate on your STRM Console, follow one of the two procedures below.

Procedure when an intermediate certificate is required:

Step 1  Obtain a certificate from a trusted certificate authority.
Step 2  Using SSH, log in to your STRM Console as the root user:
        Username: root
        Password: <password>
Step 3  Type the following command:
        /opt/qradar/bin/install_ssl_cert.sh -i
Step 4  Type the directory path for your private key file. Press Enter.
Step 5  Type the directory path for your public key file. Press Enter.
Step 6  Type the directory path for your intermediate certificate. Press Enter.
Step 7  Type Y to continue. Press Enter.

Procedure when an intermediate certificate is not required:

Step 1  Obtain a certificate from a trusted certificate authority.
Step 2  Using SSH, log in to your STRM Console as the root user:
        Username: root
        Password: <password>
Step 3  Type the following command:
        /opt/qradar/bin/install_ssl_cert.sh -b
Step 4  At the Path to private key file prompt, type the directory path for your private key file. Press Enter.
Step 5  Type the directory path for your public key file. Press Enter.
Step 6  Type Y to continue. Press Enter.

What to do next:

Type the following command to restart the host context process on all non-console systems in your deployment:
        service hostcontext restart
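
A pre-flight check for the files the installer prompts for, added here as an example and not part of the Juniper technical note: it confirms that the private key is unencrypted (the CAUTION above), that the certificate matches the key, and that the intermediate's subject is the certificate's issuer. It assumes PEM-encoded files, that the "public key file" is the certificate, and an openssl binary where it runs; the function names are the example's own.

```shell
#!/bin/sh
# Added example: pre-flight checks for the three files install_ssl_cert.sh
# prompts for. Function names are this example's own, not part of STRM.
# Assumes PEM files and that the "public key file" is the certificate.

# key_is_unencrypted KEY -> 0 only for a PEM private key with no passphrase.
key_is_unencrypted() {
    # Encrypted PKCS#8 keys carry their own PEM label.
    grep -q -- '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" && return 1
    # Encrypted traditional (RSA/EC) keys say so in a Proc-Type header.
    grep -q '^Proc-Type: 4,ENCRYPTED' "$1" && return 1
    grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"
}

# cert_matches_key CERT KEY -> 0 if CERT carries the public half of KEY.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # "-passin pass:" stops openssl from prompting if KEY is encrypted.
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# issued_by CERT INTERMEDIATE -> 0 if CERT's issuer name equals the subject
# of the first certificate in INTERMEDIATE (name check only, no signature).
issued_by() {
    issuer=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || return 2
    subject=$(openssl x509 -in "$2" -noout -subject 2>/dev/null) || return 2
    [ "${issuer#issuer=}" = "${subject#subject=}" ]
}

# preflight KEY CERT [INTERMEDIATE] -> prints each problem, returns the count.
preflight() {
    problems=0
    key_is_unencrypted "$1" ||
        { echo "key: encrypted, or not a PEM private key"; problems=$((problems + 1)); }
    cert_matches_key "$2" "$1" ||
        { echo "certificate: public key does not match the private key"; problems=$((problems + 1)); }
    if [ -n "$3" ]; then
        issued_by "$2" "$3" ||
            { echo "intermediate: subject is not the certificate's issuer"; problems=$((problems + 1)); }
    fi
    return "$problems"
}

# Usage: sh preflight.sh KEY CERT [INTERMEDIATE]
if [ "$#" -ge 2 ]; then
    preflight "$@"
fi
```

The arguments follow the order of the installer's prompts: private key, public key file, then the intermediate certificate when the -i procedure is used.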