SSL certificates
Secure Sockets Layer (SSL) is an industry standard security protocol is used by
websites to protect online transactions. It provides communication privacy so that client/server
applications can communicate in a way that is designed to prevent eavesdropping, tampering, and
message forgery.
To generate an SSL link, a web server requires an SSL certificate. SSL
certificates are issued by internal or trusted third-party certifying authorities.
Browsers and operating systems include a preinstalled list of trusted certificates, which are
installed in the Trusted Root Certification authorities store.
- Self-signed certificates
- A self-signed certificate provides basic security, enabling data encryption between the user and the application. Because self-signed certificates cannot be authenticated by any existing known root certificate authorities, users are warned about this unknown certificate and must accept it to proceed.
- Internal CA signed certificates
- Organizations that have their own internal root certificate authority (CA) can create a certificate by using that internal CA. This certificate is supported by QRadar®, and the internal root CA is also imported into the QRadar environment.
- Public CA / Intermediate CA signed
- Certificates that are signed by known public CAs and intermediate certificates are supported by
QRadar.
Public signed certificates can be used directly in QRadar, and certificates that are signed with Intermediate CA are installed by using both the signed certificate and the intermediate certificate to provide valid certificate functions.
Note: An intermediate certificate is commonly used by organizations that create multiple SSL keys in their environment, and want to have them signed by a known commercial certificate vendor. When they use the intermediate key, they can then create sub-keys from this intermediate key. When this configuration is used, QRadar must be configured with both the intermediate certificate and the host SSL certificate so that connections to the host can verify the full certificate path.