IBM Support

Handling App Certificates

How To


Summary

This tutorial will show how to package, load and use custom certificates in an IBM QRadar app. Following the process outlined in this tutorial will ensure that the app is able to correctly pick up certificates provided.

Please note that this method only installs a certificate for a single app. To install certificates on a QRadar instance and distribute them to all apps, the certificates must be imported through QRadar.

If you have already added the certificate to the QRadar host and imported it into the trusted CA certificate bundle then you do not need to do the following steps.

Steps

Prerequisites

  • A QRadar app to add the custom certs to
  • An SSL certificate to include in the app

Add the custom certificate

Create the directory for holding the app certificates from the top-level directory of your app workspace:

mkdir store/certs

Copy the certificate into this directory:

cp <certificate> store/certs/<certificate>

The store/certs directory is a special directory designed specifically for storing custom app certificates. Because it is inside the store/ directory, these certificates persist across shutdowns, upgrades, and migrations. At runtime these certs are copied to the directory /opt/app-root/store/certs.

Write a startup script to process custom certificates

To pick up any custom certificates in the /opt/app-root/store/certs directory, the app needs to include a startup script that calls a special script included in the app container to import any certs in /opt/app-root/store/certs.

Create a new file container/run/import_certs.sh:

as_root /opt/app-root/bin/update_ca_bundle.sh

This script runs at startup, and uses the as_root feature to run the special update_ca_bundle.sh script as a sudo user. This script will import any certificates stored in store/certs and make them available to the app to use.

To let QRadar know to run this script as part of startup, we need to include a file container/run/ordering.txt, which lists the scripts QRadar runs as part of app startup. Its contents should be:


/opt/app-root/container/run/import_certs.sh

Run the app/package the app

The app can then be run locally with:

qapp run

Or packaged and deployed with:

qapp package -p <app zip name>

qapp deploy -p <app zip name> -q <qradar console> -u <qradar user>

Adding a custom certificate to an app at runtime

Your app can support loading custom certificates at runtime, so that users can upload their own certificates and the app can load them without restarting.

These steps outline the process required without any specific implementation:

  1. Allow the user to upload a certificate file, and save or copy this file to the /opt/app-root/store/certs directory.
  2. From your code, run sudo /opt/app-root/bin/update_ca_bundle.sh to import the certificate, for example using Python:

import os

# Re-run the CA bundle import so the newly saved certificate is picked up
os.system('sudo /opt/app-root/bin/update_ca_bundle.sh')

  3. The certificate is now imported into the app and can be used.
  4. To automatically import the certs for this app after future restarts, follow the process outlined above in 'Write a startup script to process custom certificates'.
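
One way to implement steps 1 and 2 so that an uploaded file is checked before it lands in the app's trust store (an added example, not IBM's code). The function names, the 64 KiB limit and the filename rules are assumptions; the directory and the update_ca_bundle.sh command are the ones given above.

```python
import re
import ssl
import subprocess
from pathlib import Path

CERT_DIR = Path("/opt/app-root/store/certs")  # runtime cert directory named on this page
IMPORT_CMD = ["sudo", "/opt/app-root/bin/update_ca_bundle.sh"]  # command from step 2
MAX_BYTES = 64 * 1024  # assumed upload size limit


def safe_cert_name(filename):
    """Reduce a user-supplied filename to a flat name that stays inside CERT_DIR."""
    name = Path(filename.replace("\\", "/")).name  # drop any directory components
    name = re.sub(r"[^A-Za-z0-9._-]", "_", name).lstrip(".")
    if not name or len(name) > 100:
        raise ValueError("unusable certificate filename")
    return name


def validate_pem(data):
    """Return the PEM text if OpenSSL can parse at least one certificate from it."""
    if len(data) > MAX_BYTES:
        raise ValueError("upload too large")
    text = data.decode("ascii")  # UnicodeDecodeError is a ValueError
    if "PRIVATE KEY" in text:
        raise ValueError("upload contains a private key; expected certificates only")
    try:
        # Parsed in a throwaway context: nothing is trusted or written yet.
        ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT).load_verify_locations(cadata=text)
    except ssl.SSLError as exc:
        raise ValueError(f"not a PEM certificate: {exc}") from exc
    return text


def install_certificate(filename, data, cert_dir=CERT_DIR, run_import=True):
    """Validate an upload, store it in cert_dir, then refresh the app's CA bundle."""
    text = validate_pem(data)
    target = Path(cert_dir) / safe_cert_name(filename)
    # Mode "x" refuses to overwrite a certificate that is already trusted.
    with target.open("x", encoding="ascii") as fh:
        fh.write(text)
    if run_import:
        # check=True raises CalledProcessError instead of ignoring a failed import.
        subprocess.run(IMPORT_CMD, check=True, timeout=60)
    return target
```

Every certificate accepted here becomes a trust anchor for the app's outbound TLS, so the upload route that calls install_certificate should be limited to administrators.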

Document Location

Worldwide


Document Information

Modified date:
30 March 2021

UID

ibm16437447