To establish TLS-encrypted communication between QRadar and Apex Local Manager (ALM), you must create a self-signed certificate with a public and private key pair.
Procedure
- Log in to QRadar as a root user by using SSH.
- Create a self-signed certificate. For example:
  openssl req -new -x509 -newkey rsa:2048 -days 3650 -sha512 -nodes -subj "/C=US/ST=<State>/L=<City>/O=IBM/OU=IBM Security/CN=<QRadar FQDN or IP address>" -keyout apex-alm-tls.key -out apex-alm-tls.cert
- Convert the private key to the required DER-encoded PKCS#8 format:
  openssl pkcs8 -topk8 -inform PEM -outform DER -in apex-alm-tls.key -out apex-alm-tls.pk8 -nocrypt
Note:
- Use a unique filename if a certificate needs to be changed or updated.
- Put the certificate file in /opt/qradar/conf/trusted_certificates.
- Do not place the PKCS#8 formatted key file in /opt/qradar/conf/trusted_certificates.
Warning: Make sure that you complete this step so that the connection works between ALM and QRadar.
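A check that can follow these steps, as an added example that is not part of the original procedure: the script runs the two commands in a scratch directory and confirms that the .pk8 file is an unencrypted DER PKCS#8 key matching the certificate's public key. The function names, the scratch directory and the subject values (ExampleState, ExampleCity, qradar.example.test) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original procedure.
# Function names, subject values and the scratch directory are assumptions.

# Run the two commands from the procedure inside directory $1.
make_pair() (
    cd "$1" || exit 1
    umask 077   # generated key files are readable by the owner only
    openssl req -new -x509 -newkey rsa:2048 -days 3650 -sha512 -nodes \
        -subj "/C=US/ST=ExampleState/L=ExampleCity/O=IBM/OU=IBM Security/CN=qradar.example.test" \
        -keyout apex-alm-tls.key -out apex-alm-tls.cert 2>/dev/null &&
    openssl pkcs8 -topk8 -inform PEM -outform DER \
        -in apex-alm-tls.key -out apex-alm-tls.pk8 -nocrypt
)

# Return 0 if file $1 starts with the DER SEQUENCE tag (0x30) rather than
# a PEM "-----BEGIN" header.
is_der() {
    [ "$(head -c 1 "$1" | od -An -tx1 | tr -d ' \n')" = "30" ]
}

# Return 0 only if $2 parses as an unencrypted DER PKCS#8 key and its public
# half equals the public key in PEM certificate $1.
# Return codes: 1 = key does not match, 2 = not DER, 3 = file could not be parsed.
check_pair() {
    is_der "$2" || return 2
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkcs8 -inform DER -nocrypt -in "$2" 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || return 3
    [ "$cert_pub" = "$key_pub" ]
}

# Demonstration on freshly generated files in a scratch directory.
work=$(mktemp -d)
if make_pair "$work" &&
   check_pair "$work/apex-alm-tls.cert" "$work/apex-alm-tls.pk8"; then
    echo "certificate and PKCS#8 key match"
else
    echo "certificate and PKCS#8 key do NOT match" >&2
fi
rm -rf "$work"
```

Run check_pair against the real apex-alm-tls.cert and apex-alm-tls.pk8 before copying the certificate to /opt/qradar/conf/trusted_certificates.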