Troubleshooting
Problem
Administrators patching to any version of 7.4.2, if custom certificates are used, the certificates are reverted to the QRadar default self-signed certificates. When the GUI loads, it reports an unsecure connection.
Symptom
When you patch to any version of 7.4.2, a Certificate renewal prompt is shown for the default certificates.
The following check is shown by the patch:
Patch: 2072
--------------------------------------------------------------------------------
Hostname 'hostname.qradar.example' requires certificates to be renewed.
This is due to use of upper case and RFC 4343 compliance fixes in this patch.
On all managed hosts patched from the Console, the certificates will be updated as well.
Do you wish to continue? (Y/N):
Cause
Compliance with the patch.
Environment
This issue is seen in most upgrades to 7.4.2 and its FixPacks.
Diagnosing The Problem
The following check is shown by the patch:
Patch: 2072
--------------------------------------------------------------------------------
Hostname 'hostname.qradar.example' requires certificates to be renewed.
This is due to use of upper case and RFC 4343 compliance fixes in this patch.
On all managed hosts patched from the Console, the certificates will be updated as well.
Do you wish to continue? (Y/N):
Resolving The Problem
After the patch, the custom or 3rd party certificates can be put back in place following:
1. Back up the current certificates files.
mkdir -p /store/IBM_Support/
cp -pfv /etc/httpd/conf/certs/* /store/IBM_Support/
2. Reinstall the original certificate and key.
- Use SSH to log in to the QRadar Console as the root user. Install the certificate by entering the following command:
- At the Path to Private Key File (SSLCertificateKeyFile) prompt, enter the path to the Private Key File. For example,
Note: The certificate and key are stored in /etc/httpd/certs as cert.cert.orig and cert.key.orig.
SSLCertificateFile of /etc/httpd/conf/certs/cert.cert.orig
SSLCertificateKeyFile of /etc/httpd/conf/certs/cert.key.orig
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"}],"ARM Case Number":"TS005682659","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.4.2"}]
Was this topic helpful?
Document Information
Modified date:
18 August 2021
UID
ibm16469925