IBM Support

QRadar: TLS Syslog support of DER-encoded PKCS8 custom certificates

Troubleshooting


Problem

TLS Syslog Log Sources might not work properly if the proper certificate files of both public and private keys are not used.

Cause

QRadar TLS Syslog might not work if the custom private key pair is not DER-encoded PKCS8.

Resolving The Problem

Procedure to create a key pair in the .der format by using OpenSSL:
Make sure OpenSSL is installed on any supported Operating System. From Command line, run the following 4 commands.

openssl genrsa -out /tmp/private_key.pem 2048
openssl pkcs8 -topk8 -inform PEM -outform DER -in /tmp/private_key.pem -out /tmp/private_key.der -nocrypt
openssl req -new -key /tmp/private_key.pem -out /tmp/csr.pem
openssl req -x509 -sha512 -days 365 -in /tmp/csr.pem -key /tmp/private_key.der -keyform DER -out /tmp/public_key.pem


The key pair to use would be:
/tmp/private_key.der
/tmp/public_key.pem


 

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU008","label":"Security"},"Component":"Integrations - 3rd Party","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
02 April 2020

UID

swg21986465