Managing domain and certificates
QRadar® EDR provides support actions to assist you in managing certificates. You can also change your QRadar EDR domain if required.
QRadar® EDR provides support actions to assist you in managing certificates. You can also change your QRadar EDR domain if required.
QRadar EDR provides the update_cert action to the TLS certificates that are used to secure in-flight communication in the cluster either upon its expiry or for just updating the existing certificates.
Install the cpctl command-line interface (CLI) utility. For more information, see Installing the cpctl utility to access support actions.
For more information about certificate requirements, see Domain name and TLS certificates.
If your QRadar EDR platform uses the same TLS certificate as your Red Hat OpenShift Container Platform cluster and the TLS certificate is changed, run the sync_cluster_cert action to synchronize the TLS certificate with QRadar EDR.
Install the cpctl command-line interface (CLI) utility. For more information, see Installing the cpctl utility to access support actions.
The QRadar EDR certificate is used to access QRadar EDR services. QRadar EDR provides an action to validate these certificates.
Install the cpctl command-line interface (CLI) utility. For more information, see Installing the cpctl utility to access support actions.
The following output is a sample output of what might display after you run the command.
cpctl diagnostics check_cert --token $(oc whoami -t) Executing playbook check_cert.yaml- localhost on hosts: localhost - Gathering Facts... localhost ok [Login] Validate... [Login] Token... localhost done | stdout: [INFO] Logging in via token... Get CP4S Route... localhost ok Check CP4S Route... Get cp4s version... localhost ok Set namespace if not defined... localhost ok Check if cp4s version is defined... localhost ok Validate correct version of cp4s... Check if its a saas cluster... localhost ok Get switcher item... Retrieve current cp4s version... Validate correct version of cp4s... Get Foundations capability... localhost ok Get cp4s namespace... Set default capability... localhost ok Get foundations capability... localhost ok | stdout: reaqta Set Capability if its defined... localhost ok Get Foundations capability... localhost ok Get cp4s namespace... Set default capability... localhost ok Get foundations capability... localhost ok | stdout: CommonServicesSCIM Set Capability if its defined... localhost ok Get IBM Foundational Services Route... Check IBM Foundational Services Route... Ensure temp dir exists... localhost done Fetch CP4S truststore... localhost done Set reaqta route... localhost ok Test CP4S ingress... localhost ok Print CP4S Certificate when failed... Stop if CP4S Certificate is not valid... Test IBM Foundational Services Ingress... Print IBM Foundational Services Certificate when failed... Stop if IBM Foundational Services Certificate is not valid... Certificates are valid... localhost ok- Play recap - localhost : ok=17 changed=3 unreachable=0 failed=0 rescued=0 ignored=0
If the output from the command shows the certificates are invalid, you can replace the certificates. For more information, see Updating your QRadar EDR TLS certificates.
To change your QRadar EDR fully qualified domain name (FQDN), update the domain value in the ibmsecurityedr custom resource (CR), and update the TLS certificates.
Install the cpctl command-line interface (CLI) utility. For more information, see Installing the cpctl utility to access support actions.
For more information about domain name requirements, see Domain name and TLS certificates.