Importing a Cisco Firepower Management Center certificate in QRadar
The estreamer-cert-import.pl script for QRadar® converts your pkcs12 certificate file to a keystore and truststore file and copies the certificates to your QRadar appliance. Repeat this procedure for each Firepower Management Center pkcs12 certificate that you need to import to your QRadar Console or Event Collector.
Before you begin
You must have
su - root privileges to run the
estreamer-cert-import.pl import script.
About this task
estreamer-cert-import.pl import script is stored on your QRadar
Event Collector when you
install the Cisco Firepower eStreamer protocol.
The script converts and imports only 1 pkcs12 file at a time. You are required to import a certificate only for the QRadar appliance that receives the Firepower Management Center events. For example, after the Firepower Management Center event is categorized and normalized by an Event Collector in a QRadar deployment, it is forwarded to the QRadar Console. In this scenario, you would import a certificate to the Event Collector.
When you import a new certificate, existing Firepower Management Center certificates on the QRadar appliance are renamed to estreamer.keystore.old and estreamer.truststore.old.
- Log in as the root user by using SSH on the QRadar appliance that will receive the events.
- Copy the downloaded certificate from your Firepower Management Center appliance to a temporary directory on the QRadar Event Collector.
Type the following command to import your pkcs12 file.
/opt/qradar/bin/estreamer-cert-import.pl -f <pkcs12_absolute_filepath> optionsThe -f parameter is required. All other parameters that are described in the following table are optional.
Table 1. Import script command parameters Parameter Description -f Identifies the file name of the pkcs12 files to import. -o Overrides the default eStreamer name for the keystore and truststore files. Use the -o parameter when you integrate multiple Firepower Management Center devices. For example, /
opt/qradar/bin/estreamer-cert-import.pl -f <file name> -o <IP_address>The import script creates the following files:
-d Enables verbose mode for the import script. Verbose mode is intended to display error messages for troubleshooting purposes when pkcs12 files fail to import properly. -p Specifies a password if a password was provided when you generated the pkcs12 file. -v Displays the version information for the import script. -h Displays a help message about using the import script.