IBM Support

QRadar: Patching to 7.4.2 regenerates default certificates in compliance with a check in the patch

Troubleshooting


Problem

Administrators patching to any version of 7.4.2, if custom certificates are used, the certificates are reverted to the QRadar default self-signed certificates. When the GUI loads, it reports an unsecure connection.

Symptom

When you patch to any version of 7.4.2, a Certificate renewal prompt is shown for the default certificates.

The following check is shown by the patch:

Patch: 2072
--------------------------------------------------------------------------------

Hostname 'hostname.qradar.example' requires certificates to be renewed.
This is due to use of upper case and RFC 4343 compliance fixes in this patch.

    On all managed hosts patched from the Console, the certificates will be updated as well.

Do you wish to continue? (Y/N):

Cause

Compliance with the patch.

Environment

This issue is seen in most upgrades to 7.4.2 and its FixPacks.

Diagnosing The Problem

The following check is shown by the patch:

Patch: 2072
--------------------------------------------------------------------------------

Hostname 'hostname.qradar.example' requires certificates to be renewed.
This is due to use of upper case and RFC 4343 compliance fixes in this patch.

    On all managed hosts patched from the Console, the certificates will be updated as well.

Do you wish to continue? (Y/N):

Resolving The Problem

After the patch, the custom or 3rd party certificates can be put back in place following:

1. Back up the current certificates files.
mkdir -p /store/IBM_Support/
cp -pfv /etc/httpd/conf/certs/* /store/IBM_Support/
2. Reinstall the original certificate and key.
  • Use SSH to log in to the QRadar Console as the root user. Install the certificate by entering the following command: 
    /opt/qradar/bin/install-ssl-cert.sh
  • At the Path to Public Key File (SSLCertificateFile) prompt, enter the path to the Public Key File. For example, 
    /etc/httpd/certs/cert.cert.orig
  • At the Path to Private Key File (SSLCertificateKeyFile) prompt, enter the path to the Private Key File. For example, 
    /etc/httpd/certs/cert.key.orig
Note: The certificate and key are stored in /etc/httpd/certs as cert.cert.orig and cert.key.orig.
 
SSLCertificateFile of /etc/httpd/conf/certs/cert.cert.orig
SSLCertificateKeyFile of /etc/httpd/conf/certs/cert.key.orig

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"}],"ARM Case Number":"TS005682659","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.4.2"}]

Document Information

Modified date:
18 August 2021

UID

ibm16469925

Page Feedback