Creating an SSL certificate signing request with 2048-bit RSA keys
Procedure
- Use SSH to log in to the QRadar Console.
-
Generate a private key file by using the following command:
openssl genrsa -out qradar.key 2048
Note: Do not use the private encryption options, because they can cause compatibility issues.The qradar.key file is created in the current directory. Keep this file to use when you install the certificate.
-
Generate the certificate signing request (CSR) file.
The qradar.csr file is used to create the SSL Certificate, with an internal CA or commercial certificate authorities. Run the following command, and provide necessary information as prompted:
openssl req -new -key qradar.key -out qradar.csr
Example output:You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:US State or Province Name (full name) []:MyState Locality Name (eg, city) [Default City]:MyCity Organization Name (eg, company) [Default Company Ltd]:MyCompany Organizational Unit Name (eg, section) []:MyCompanyOrg Common Name (eg, your name or your server’s hostname) []:qradar.mycompany.com Email Address []:username@example.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
-
If you want to verify the information in the CSR before you send it, type the following
command:
openssl req -noout -text -in qradar.csr
If incorrect information was entered, run the OpenSSL command again to re-create the CSR file.
- Use the Secure File Transfer Protocol or another program to securely copy the CSR file to your computer.
-
Submit the CSR to your internal or commercial certificate authority for signing according to
their instructions.
Note: The CSR is identified as a certificate in Apache format.