How do I import a certificate in Personal Exchange Format (PFX) from a Microsoft Certificate Generator in to QRadar?
Normally, customers who need to import certificates use the import script in
/opt/qradar/bin/install_ssl_cert.sh -b add the path to the public key then add the path to the private key and the installation will error out with keys being reverted. Also there are no errors in the logs.
A .PFX is password protected and needs the password removed
Microsoft certificate generator
Resolving The Problem
How to convert a .pfx certificate file in to a .crt file for use by QRadar
- The following command exports the private key and saves it in “key.pem”.
openssl pkcs12 -in filename.pfx -nocerts -out key.pem
- The following command exports the public key and saves it in “cert.crt”.
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.crt
- The following command removes the passphrase from the private key.
openssl rsa -in key.pem -out server.key
- After the conversion is complete the “server.key” can be imported in QRadar as a private key, and “cert.crt” can be used as the public key.
/opt/qradar/bin/install_ssl_cert.sh -b. the following services will be restarted
For information on importing a .crt, .der, or .cert file, see the IBM knowledge Center
Replacing the default SSL certificate
Where do you find more information?
Was this topic helpful?
16 June 2018