IBM Support

QRadar: How to reset SAML certificate from the CLI

How To


The purpose of this article is to help the administrator reset the SAML certificate from the CLI when the certificate is expired or close to expire but the QRadar UI is not available.



The /opt/qradar/ca/bin/ script can be used for this task.

  1. Log in to the QRadar Console as root user.
  2. To obtain the ID of the QRadarSAML certificate, type:
    /opt/qradar/ca/bin/si-qradarca list -print | awk -F, '{print $4,$5,$6}' | sort | uniq | grep 'SAML.crt'
    Output Example:
    /opt/qradar/conf/SAMLAuthentication/SP/QRadarSAML.crt 8
    In the previous example, the ID is 8.
  3. Reset the certificate.
    /opt/qradar/ca/bin/ 8 --reset
  4. Verify the QRadarSAML certificate expiration date.
    openssl x509 -in /opt/qradar/conf/SAMLAuthentication/SP/QRadarSAML.crt -text -noout | grep -A2 Validity
  5. Verify the QRadarSAML certificates are now valid.
    for i in $(/opt/qradar/ca/bin/si-qradarca list -print | awk -F, '{print $4}' | sort | uniq | grep SAML); \
    do echo $i; openssl verify -CAfile /etc/pki/tls/cert.pem $i; done

    The SAML certificate is now renewed. The following output shows valid certificates.
    /opt/qradar/conf/SAMLAuthentication/SP/QRadarSAML_ca.crt: OK
    /opt/qradar/conf/SAMLAuthentication/SP/QRadarSAML.crt: OK

Document Location


[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]

Document Information

Modified date:
31 August 2022