By default, STRM provides an untrusted SSL certificate. You can replace the untrusted SSL certificate with a self-signed or trusted certificate.




TECHNICAL NOTE

REPLACING THE SSL CERTIFICATE

AUGUST 2012

By default, STRM provides an untrusted SSL certificate. You can replace the untrusted SSL certificate with a self-signed or trusted certificate.

Unless otherwise noted, all references to STRM refer to STRM, STRM Log Manager, and STRM Network Intelligence.

This document includes the following topics:

  - Understanding SSL Certificates
  - Replacing the Default SSL Certificate

Understanding SSL Certificates

Secure Sockets Layer (SSL) is the transaction security protocol used by websites to provide an encrypted link between a web server and a browser. SSL is an industry standard and is used by websites to protect online transactions. To establish an SSL link, a web server requires an SSL certificate. SSL certificates are issued by:

  - Software - This generally available software, such as OpenSSL or Microsoft's Certificate Services manager, issues SSL certificates. These certificates are not inherently trusted by browsers, because they are not issued by a recognized authority. Although they can be used for encrypting data, there is no third-party assurance regarding the identity of the server sending the certificate. They cause browsers to display warning messages that inform the user that the certificate has not been issued by an entity that the user has chosen to trust.

  - Trusted third-party certifying authorities - These certification authorities, such as VeriSign or Thawte, use their trusted position to issue trusted SSL certificates. SSL certificates issued by trusted certification authorities do not display a warning and transparently establish a secure link between a web site and a browser.

Browsers and operating systems include a pre-installed list of trusted certification authorities, known as the Trusted Root CA (Certificate Authority) store. As Microsoft and Mozilla provide the major operating systems and browsers, they elect whether or not to include the certification authority in the Trusted Root CA store, thereby giving the certification authority its trusted status. Java Runtime Environment provides a set of trusted certificate authorities, as selected by Sun Microsystems.

For the purpose of establishing SSL connections between the browser and Console, STRM trusts any certificate that is issued, directly or indirectly, from a trusted root CA in the browser and Java keystore. For the purpose of establishing all internal SSL connections between components, STRM does not trust certificates issued by a recognized authority. Instead, you must use the web server certificate pre-installed on the Console.

Replacing the Default SSL Certificate

You can replace the untrusted SSL certificate with either a self-signed certificate or a certificate issued by a trusted third-party certifying authority.

To replace the SSL certificate on your Console:

Step 1  Obtain a certificate from a trusted certificate authority.

        NOTE: SSL certificates issued from some vendors, such as VeriSign, require an intermediate certificate. You must download the intermediate certificate from the vendor and use it during the configuration.

Step 2  Using SSH, log in to your system as the root user:

            Username: root
            Password: <password>

Step 3  Choose one of the following options:

          - If you require an intermediate certificate, see Step 4.
          - If you do not require an intermediate certificate, see Step 5.

Step 4  If you require an intermediate certificate, follow this procedure:

        a  Type the following command:

               /opt/qradar/bin/install_ssl_cert.sh -i

           The following message and prompt are displayed:

               This script installs a new SSL certificate
               Path to private key file (SSLCertificateKeyFile):

        b  Type the directory path for your private key file. Press Enter on your keyboard.

               Path to public key file (SSLCertificateFile):

        c  Type the directory path for your public key file. Press Enter on your keyboard.

               Path to SSL intermediate certificate file (SSLCACertificateFile - optional):

        d  Type the directory path for your intermediate certificate. Press Enter on your keyboard.

               You have specified the following:
               SSLCertificateKeyFile of '<private certificate directory>'
               SSLCertificateFile of '<public certificate directory>'
               SSLCACertificateFile of '<intermediate certificate directory>'
               Continue and reconfigure Apache now (includes restart of httpd daemon) (Y/[N])?

        e  Type Y to continue. Press Enter on your keyboard.

           The following messages are displayed:

               Changing the SSL certificate configuration variable..
               Restarting Apache
               Stopping httpd: [OK]
               Starting httpd: [OK]
               Restarting HostContext
               [Q] Shutting down hostcontext service: [OK]
               [Q] Starting hostcontext service: [OK]
               Successfully done.

        Go to Step 6.

Step 5  If you do not require an intermediate certificate, follow this procedure:

        a  Type the following command:

               /opt/qradar/bin/install_ssl_cert.sh -b

               This script installs a new SSL certificate
               Path to private key file (SSLCertificateKeyFile):

        b  At the Path to private key file prompt, type the directory path for your private key file. Press Enter on your keyboard.

               Path to public key file (SSLCertificateFile):

        c  Type the directory path for your public key file. Press Enter on your keyboard.

               You have specified the following:
               SSLCertificateKeyFile of '<private certificate directory>'
               SSLCertificateFile of '<public certificate directory>'
               Continue and reconfigure Apache now (includes restart of httpd daemon) (Y/[N])?

        d  Type Y to continue. Press Enter on your keyboard.

           The following messages are displayed:

               Changing the SSL certificate configuration variable...
               Restarting Apache
               Stopping httpd: [ OK ]
               Starting httpd: [ OK ]
               Restarting HostContext
               [Q] Shutting down hostcontext service: [ OK ]
               [Q] Starting hostcontext service: [ OK ]
               Successfully done.

Step 6  Type the following command to restart the host context process on all non-console systems in your deployment:

            service hostcontext restart
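The install script reconfigures and restarts Apache with whatever paths it is given, so it is worth confirming beforehand that the key, certificate and intermediate belong together. The pre-flight check below is an added example, not part of the Juniper technical note or of STRM; the function names, messages and the example.test sample names are assumptions, and it assumes the OpenSSL command-line tool, version 1.1.0 or later.

```shell
#!/bin/sh
# Pre-flight check for the files that install_ssl_cert.sh will ask for.
# Added example: function names and messages are illustrative, not STRM's.
# Assumes the OpenSSL CLI, version 1.1.0 or later.

preflight_ssl_files() {   # usage: preflight_ssl_files KEY CERT [INTERMEDIATE]
    key=$1; cert=$2; inter=${3:-}

    # 1. The private key must parse without a passphrase prompt.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "FAIL: $key is not a readable private key" \
             "(wrong format or passphrase-protected)" >&2
        return 1; }

    # 2. The certificate must parse and carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: $cert is not a readable PEM certificate" >&2; return 1; }
    [ "$key_pub" = "$cert_pub" ] || {
        echo "FAIL: private key and certificate do not belong together" >&2
        return 1; }

    # 3. The certificate must not already be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "FAIL: $cert has expired" >&2; return 1; }

    # 4. If an intermediate is supplied, the certificate must verify
    #    against it. Only the supplied file is trusted for this check.
    if [ -n "$inter" ]; then
        openssl verify -partial_chain -no-CApath -CAfile "$inter" "$cert" \
            >/dev/null 2>&1 || {
            echo "FAIL: $cert does not verify against $inter" >&2; return 1; }
    fi
    echo "OK: files are consistent"
}

# Constructed sample input: a throwaway self-signed pair written to DIR.
make_sample_pair() {   # usage: make_sample_pair DIR NAME
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Check real files when paths are given on the command line.
if [ "$#" -ge 2 ]; then preflight_ssl_files "$@"; fi
```

Run it with the same two or three paths you intend to type at the script's prompts; a non-zero exit status means the files should not be installed as they are.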

Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408-745-2000 www.juniper.net Copyright 2012 Juniper Networks, Inc. All rights reserved. Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.