IBM Support

QRadar: How to find whether the HTTP certificate being used by QRadar is a custom certificate or generated by the QRadar local Certificate Authority (CA)

How To


Summary

QRadar® can use custom HTTP certificates (self-signed, internal CA signed, or public CA/intermediate CA signed) or certificates generated by the local CA (by using the /opt/qradar/ca/bin/install_qradar_ssl_cert.sh script). How can administrators determine whether QRadar is using a custom HTTP certificate or one generated by the local CA?

Steps

Certificate details can be checked from an SSH session on the Console or by accessing the QRadar GUI from a browser.

Using an SSH session on the Console

  1. Log in to the Console as root.
  2. Run this command and check the output:

    openssl x509 -in /etc/httpd/conf/certs/cert.cert -text -noout | grep -i issuer
  3. Check for the Issuer field in the output of the command. If the value of that field is QRadar Local CA, then the certificate was generated by the local CA.
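
The Issuer check from the SSH steps above, as an added example (not IBM's or QRadar's own code) that also separates self-signed custom certificates from CA-signed ones. The function names, the result labels and the three test certificates are constructed for illustration; only the issuer name and the certificate path come from this page.

```shell
#!/bin/sh
# Added example, not IBM code. Classifies a PEM certificate by its Issuer DN.
LOCAL_CA_CN="QRadar Local CA"   # issuer Common Name given on the page

# Prints local-ca, custom-self-signed or custom-ca-signed; exits 2 if unreadable.
classify_cert() (
    # -issuer prints only the Issuer DN, so "CA Issuers" lines in -text output
    # (Authority Information Access extension) cannot cause a false match.
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 2>/dev/null) || exit 2
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null) || exit 2
    issuer=${issuer#issuer=}; issuer=${issuer# }
    subject=${subject#subject=}; subject=${subject# }
    case ",$issuer," in
        *",CN=$LOCAL_CA_CN,"*) echo "local-ca" ;;
        *)  if [ "$issuer" = "$subject" ]; then echo "custom-self-signed"
            else echo "custom-ca-signed"; fi ;;
    esac
)

# Build constructed test certificates in directory $1 (sample data only).
make_demo_certs() (
    cd "$1" || exit 2
    selfsign() {  # selfsign <basename> <CN>
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
            -keyout "$1.key" -out "$1.pem" 2>/dev/null
    }
    issue() {     # issue <ca-basename> <leaf-basename> <CN>
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
            -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
        openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
            -CAcreateserial -days 1 -out "$2.pem" 2>/dev/null
    }
    selfsign qca "QRadar Local CA" && issue qca local "console.example.test" &&
    selfsign eca "Example Internal CA" && issue eca other "console.example.test" &&
    selfsign self "console.example.test"
)

DEMO_DIR=$(mktemp -d)
make_demo_certs "$DEMO_DIR"
for name in local other self; do
    printf '%s.pem: %s\n' "$name" "$(classify_cert "$DEMO_DIR/$name.pem")"
done
# On a Console: classify_cert /etc/httpd/conf/certs/cert.cert
```

Like the command above, this matches on the issuer name only; it does not verify the certificate's signature against the local CA.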

Using a browser to access the QRadar GUI

NOTE: The steps to check the certificate details depend on the browser being used and the browser's version. Irrespective of the browser and its version, if the certificate is issued by QRadar Local CA, it is NOT a custom certificate. These steps are relevant only after the QRadar GUI is accessed by using the respective browser (so that the HTTPS protocol is used).
  1. For Mozilla™ Firefox™, refer to this link. Check for the field Issuer Name. If it states Common Name: QRadar Local CA, then that certificate was generated using the local CA. If the Common Name is different, then the certificate is a custom certificate.
  2. For Google® Chrome, click the padlock icon to the left of the QRadar GUI URL, then click Certificate. Under the General tab, check the Issued by field. If that field has the value QRadar Local CA, then it is not a custom certificate but was issued by the QRadar local CA.
  3. For Microsoft® Internet Explorer, click the padlock icon to the right of the QRadar GUI URL. Click View Certificates. Under the General tab, check the Issued by field. If that field has the value QRadar Local CA, then it is not a custom certificate but was issued by the QRadar local CA. The user interface is similar to the one displayed for Google Chrome.

NOTE: Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
 

Additional Information

Document Location

Worldwide

Document Information

Modified date:
16 April 2021

UID

ibm16442095