This tutorial shows how to package, load and use custom certificates in an IBM QRadar app. Following the process outlined in this tutorial will ensure that the app correctly picks up the certificates provided.
Please note that this method only installs a certificate for a single app. To install certificates on a QRadar instance and distribute them to all apps, the certificates must be imported through QRadar.
If you have already added the certificate to the QRadar host and imported it into the trusted CA certificate bundle then you do not need to do the following steps.
- A QRadar app to add the custom certs to
- An SSL certificate to include in the app
Add the custom certificate
Create the directory for holding the app certificates from the top-level directory of your app workspace:
Copy the certificate into this directory:
cp <certificate> store/certs/<certificate>
The store/certs directory is a special directory, designed specifically for storing custom app certificates. Since this is in the store/ directory, these certificates will be persisted across shutdowns, upgrades, and migrations. At runtime these certs are copied to a directory
Write a startup script to process custom certificates
In order to pick up any custom certificates in the /opt/app-root/store/certs directory, the app needs to include a startup script which will call a special script included in the app container to import any certs in
Create a new file
This script runs at startup, and uses the as_root feature to run the special update_ca_bundle.sh script as a sudo user. This script will import any certificates stored in store/certs and make them available to the app to use.
To let QRadar know to run this script as part of startup, we need to include a file container/run/ordering.txt which tells QRadar which scripts to run as part of app startup, which should be:
Run the app/package the app
The app can then be run locally with:
Or packaged and deployed with:
qapp package -p <app zip name>
qapp deploy -p <app zip name> -q <qradar console> -u <qradar user>
Adding a custom certificate to an app at runtime
Your app can support loading in custom certificates at runtime, allowing users to upload their own certificates and the app being able to load them without restarting.
These steps outline the process required without any specific implementation:
- Allow the user to upload a certificate file, save/copy this file to the
- From your code run sudo /opt/app-root/bin/update_ca_bundle.sh to import the certificate, for example using Python:
import os
os.system('sudo /opt/app-root/bin/update_ca_bundle.sh')
- The certificate is now imported into the app and can be used.
- To automatically import the certs for this app in the future in the case of restarts, follow the process outlined above in 'Write a startup script to process custom certificates'.
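One way to implement the runtime upload steps above, as an added example that is not part of the original tutorial: it checks the uploaded file before it reaches the app's trust store, then runs the same update_ca_bundle.sh command without a shell. The function names, the file-name rule, the size limit and the use of /opt/app-root/store/certs as the upload destination are assumptions.

```python
import os
import re
import ssl
import subprocess

CERT_DIR = "/opt/app-root/store/certs"                   # assumed upload destination
UPDATE_SCRIPT = "/opt/app-root/bin/update_ca_bundle.sh"  # script named on this page
# Assumed naming rule: no path separators, no leading dot, certificate extensions only.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}\.(pem|crt|cer)$")
MAX_BYTES = 64 * 1024  # assumed upper bound for one uploaded certificate


def validate_upload(filename, data):
    """Return normalized PEM text for a single certificate, else raise ValueError."""
    if not SAFE_NAME.match(filename):
        raise ValueError("unsafe file name")
    if len(data) > MAX_BYTES:
        raise ValueError("file too large")
    text = data.decode("ascii").strip()  # non-ASCII input raises a ValueError subclass
    if text.count("-----BEGIN ") != 1:
        raise ValueError("expected exactly one PEM block")
    # Raises ValueError unless the block is a CERTIFICATE block (rejects private keys).
    der = ssl.PEM_cert_to_DER_cert(text)
    # Structural check only: DER certificates start with an ASN.1 SEQUENCE tag.
    # Full X.509 parsing would need a library not assumed to be in the app image.
    if not der or der[0] != 0x30:
        raise ValueError("not a DER-encoded certificate")
    return text + "\n"


def install_certificate(filename, data, cert_dir=CERT_DIR, runner=subprocess.run):
    """Validate, store and import one uploaded certificate; return the stored path."""
    pem = validate_upload(filename, data)
    path = os.path.join(cert_dir, filename)
    # Mode "x" refuses to overwrite a certificate that is already stored.
    with open(path, "x") as handle:
        handle.write(pem)
    # Argument list, no shell: the uploaded file name never reaches a command line.
    runner(["sudo", UPDATE_SCRIPT], check=True)
    return path
```

Every certificate imported this way becomes a trust anchor for the app, so the upload route itself should be limited to authorized users.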
30 March 2021