Uploading a certificate
You can upload new client/server certificates or root CA certificates. When you upload a server/client certificate, you might need to upload a corresponding root CA. A root CA is needed when you upload a certificate to replace the default certificate generated by the QRadar local CA, and when that certificate is signed by a local authority.
Ensure you have the relevant certificates, keys, and files available.
Important:
Only RSA private keys in PEM-encoded PKCS#8 format are supported. If your key is either
DER-encoded, in a format such as PKCS#1, or both, you must convert it to the correct format before
you upload the key to Certificate Management. The following is an example of the conversion
script:
openssl pkcs8 -topk8 -in private.key -inform DER -outform PEM -out private.pem
The new certificate is added and appears on the main page with Deploy Pending as the status.