Setting up certificate-based authentication for HTTP Receiver
When you use the HTTP Receiver protocol, you must use a certificate that is issued by a certificate authority (CA). It can't be a self-signed certificate because it must be validated by a CA.
About this task
Important: If you are a QRadar on Cloud (QRoC) user, contact IBM support and open a support case to configure this certificate-based authentication if the target collector is the Console or Event Processor.
Before you begin
If you have a private key and certificate instead of a PKCS12 certificate, you must complete the following steps to convert them to a PKCS12 certificate:
- Locate the endpoint certificate private key, which is in PKCS1 encoding in PEM format. The file is called certificate.key. The private key must begin with BEGIN RSA PRIVATE KEY and end with END RSA PRIVATE KEY.
  Tip: If your key is in PEM format but begins with a BEGIN PRIVATE KEY header instead of BEGIN RSA PRIVATE KEY, then it is in PKCS8 encoding and must be converted to PKCS1 encoding before you continue.
- Locate the certificate chain in PEM format, with each certificate appended to the chain.crt file in the following order: the endpoint certificate must be first, followed by one or more intermediate certificates as needed.
  Important: If your certificate is issued directly by a Root CA, you must provide only the endpoint certificate.
- Create the PKCS12 certificate with the certificate.key and chain.crt files by running the following command:
openssl pkcs12 -export -out myserver.mycompany.net.p12 -inkey certificate.key -in chain.crt
- Create an export password to protect the private key in the PKCS12 container. The password is used to import the certificate into the QRadar keystore.
- Verify the details of the certificate by running the following command:
keytool -list -v -keystore myserver.mycompany.net.p12 -storetype PKCS12
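
A preflight check for certificate.key and chain.crt, to run before the openssl pkcs12 -export command in the steps above (an added example, not part of the IBM documentation; the function names are hypothetical). It classifies the key's PEM header, counts the certificates in the chain file, and confirms that the first certificate's public key matches the private key, which fails when the endpoint certificate is not first.

```sh
#!/bin/sh
# Added example; function names are hypothetical, file names follow the steps above.

# Classify the private key encoding from its first PEM header line.
# CR characters are stripped so files saved with Windows line endings still match.
key_encoding() {
    header=$(tr -d '\r' < "$1" | sed -n '/^-----BEGIN /{p;q;}')
    case "$header" in
        '-----BEGIN RSA PRIVATE KEY-----')       echo pkcs1 ;;
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        *)                                       echo unknown ;;
    esac
}

# Count the certificates appended in the chain file.
chain_cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Compare the public key of the private key with that of the FIRST certificate
# in the chain file (openssl x509 reads only the first PEM block).
# Returns 0 on match, 1 on mismatch, 2 if openssl cannot parse an input.
key_matches_first_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

preflight() {
    enc=$(key_encoding "$1")
    if [ "$enc" != pkcs1 ]; then
        echo "$1: key is $enc; expected PKCS1 (BEGIN RSA PRIVATE KEY)" >&2
        return 1
    fi
    n=$(chain_cert_count "$2")
    if [ "$n" -lt 1 ]; then
        echo "$2: no certificates found" >&2
        return 1
    fi
    if ! key_matches_first_cert "$1" "$2"; then
        echo "$2: first certificate could not be matched to $1; endpoint certificate must be first" >&2
        return 1
    fi
    echo "ok: PKCS1 key, $n certificate(s), endpoint certificate is first"
}

# Usage: sh preflight.sh certificate.key chain.crt
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```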