Importing a Cisco Firepower Management Center certificate in QRadar
The estreamer-cert-import.pl script for QRadar converts your pkcs12
certificate file to a keystore and truststore file and copies the certificates to your QRadar appliance. Repeat this
procedure for each Firepower Management Center pkcs12 certificate that you need to import to your
QRadar
Console or Event Collector.
Before you begin
You must have root or su - root privileges to run the
estreamer-cert-import.pl import script.
About this task
The estreamer-cert-import.pl import script is stored on your QRadarEvent Collector when you
install the Cisco Firepower eStreamer protocol.
The script converts and imports only 1 pkcs12 file at a time. You are required to import a
certificate only for the QRadar appliance that receives the Firepower Management Center events. For example, after the Firepower
Management Center event is categorized and normalized by an Event Collector in a QRadar deployment, it is forwarded
to the QRadar
Console. In this scenario,
you would import a certificate to the Event Collector.
When you import a new certificate, existing Firepower Management Center certificates on the QRadar appliance are renamed to
estreamer.keystore.old and estreamer.truststore.old.
Procedure
Log in as the root user by using SSH on the QRadar appliance that will receive
the events.
Copy the downloaded certificate from your Firepower Management Center appliance to a temporary
directory on the QRadarEvent Collector.
Type the following command to import your pkcs12 file.
The -f parameter is required. All other parameters that are described in the
following table are optional.
Table 1. Import script command
parameters
Parameter
Description
-f
Identifies the file name of the pkcs12 files to import.
-o
Overrides the default eStreamer name for the keystore and truststore files. Use the
-o parameter when you integrate multiple Firepower Management Center devices.
For example, /opt/qradar/bin/estreamer-cert-import.pl -f <file name>
-o <IP_address>
The import script creates the following files:
/opt/qradar/conf/<IP_address>.keystore
/opt/qradar/conf/<IP_address>.truststore
-d
Enables verbose mode for the import script. Verbose mode is intended to display error
messages for troubleshooting purposes when pkcs12 files fail to import properly.
-p
Specifies a password if a password was provided when you generated the pkcs12 file.
-v
Displays the version information for the import script.
-h
Displays a help message about using the import script.
Results
The import script displays the location where the import files were copied.