Creating an SSL certificate signing request with 2048-bit RSA keys

Procedure

  1. Use SSH to log in to the QRadar Console.
  2. Generate a private key file by using the following command:
    openssl genrsa -out qradar.key 2048
    Note: Do not use the private encryption options, because they can cause compatibility issues.

    The qradar.key file is created in the current directory. Keep this file to use when you install the certificate.

  3. Generate the certificate signing request (CSR) file.
    The qradar.csr file is used to create the SSL Certificate, with an internal CA or commercial certificate authorities. Run the following command, and provide necessary information as prompted:
    openssl req -new -key qradar.key -out qradar.csr
    Example output:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:US
    State or Province Name (full name) []:MyState
    Locality Name (eg, city) [Default City]:MyCity
    Organization Name (eg, company) [Default Company Ltd]:MyCompany
    Organizational Unit Name (eg, section) []:MyCompanyOrg
    Common Name (eg, your name or your server’s hostname) []:qradar.mycompany.com
    Email Address []:username@example.com
    
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
  4. If you want to verify the information in the CSR before you send it, type the following command:
    openssl req -noout -text -in qradar.csr

    If incorrect information was entered, run the OpenSSL command again to re-create the CSR file.

  5. Use the Secure File Transfer Protocol or another program to securely copy the CSR file to your computer.
  6. Submit the CSR to your internal or commercial certificate authority for signing according to their instructions.
    Note: The CSR is identified as a certificate in Apache format.