Setting up certificate-based authentication for HTTP Receiver

When you use the HTTP Receiver protocol, you must use a certificate that is issued by a certificate authority (CA). It can't be a self-signed certificate because it must be validated by a CA.

About this task

Important: If you are a QRadar on Cloud (QRoC) user, contact IBM support and open a support case to configure this certificate-based authentication if the target collector is the Console or Event Processor.

Before you begin

Before you import a PKCS12 file to use with the HTTP Receiver, you need a PKCS12 file that includes the certificate private key, endpoint certificate, and any intermediate certificates that are needed. Root CAs can be included in the chain but are not mandatory.

If you have a private key and certificate instead of a PKCS12 certificate, you must complete the following steps to convert them to a PKCS12 certificate:

  1. Locate the endpoint certificate private key, which is in PKCS1 encoding in PEM format. The file is called certificate.key. The private key must begin with BEGIN RSA PRIVATE KEY and end with END RSA PRIVATE KEY.
    Tip: If your key is in PEM format but begins with a BEGIN PRIVATE KEY header instead of BEGIN RSA PRIVATE KEY, then it is in PKCS8 encoding and must be converted to PKCS1 encoding before you continue.
  2. Locate the certificate chain in PEM format, with each certificate appended in the following order in the chain.crt file. The endpoint certificate must be first, then followed by one or more intermediate certificates as needed.
    Important: If your certificate is issued directly by a Root CA, you must provide only the endpoint certificate.
  3. Create the PKCS12 certificate with the certificate.key and chain.crt files by running the following command:
    openssl pkcs12 -export -out myserver.mycompany.net.p12 -inkey certificate.key -in chain.crt
  4. Create an export password to protect the private key in the PKCS12 container. The password is used to import the certificate into the QRadar keystore.
  5. Verify the details of the certificate by running the following command:
    keytool -list -v -keystore myserver.mycompany.net.p12 -storetype PKCS12
You can now import the PKCS12 certificate to use with HTTP Receiver.