Uploading a certificate

You can upload new client/server certificates or root CA certificates. When you upload a server/client certificate, you might need to upload a corresponding root CA. A root CA is needed when you upload a certificate to replace the default certificate generated by the QRadar local CA, and when that certificate is signed by a local authority.

Ensure you have the relevant certificates, keys, and files available.

Important:

Only RSA private keys in PEM-encoded PKCS#8 format are supported. If your key is either DER-encoded, in a format such as PKCS#1, or both, you must convert it to the correct format before you upload the key to Certificate Management. The following is an example of the conversion script:

openssl pkcs8 -topk8 -in private.key -inform DER -outform PEM -out private.pem

Click the Admin tab.
In the Apps section, select QRadar Certificate Management, and then click the QRadar Certificate Management icon to open the app.
To upload a new certificate, click Upload.
On the Upload new client/server certificate page, enter a descriptive name for the certificate to use as a quick identifier.
Select the purpose from the list.
Select the component from the list or add the component later.
When a component is assigned, the certificate can be used only with that component. The component predefines the name that identifies the QRadar component this certificate is uploaded for. If you don't want that certificate for any specific component in QRadar, don't assign a component.
Select or drag one of the following files:
- Key file
- Certificate file
- Intermediate file
- Root certificate file
The key file and certificate file are mandatory files. If an intermediate certificate exists, you must add it with the other certificate files.
Click Submit.

The new certificate is added and appears on the main page with Deploy Pending as the status.