How To
Summary
This article helps the administrator reset the SAML certificate from the CLI when the certificate is expired or close to expiring and the QRadar UI is not available.
Environment
QRadar deployments without the user interface available.
Steps
The /opt/qradar/ca/bin/reset-qradar-ca.sh script can be used for this task.
- Log in to the QRadar Console as root user.
- To obtain the ID of the QRadarSAML certificate, type:
/opt/qradar/ca/bin/si-qradarca list -print | awk -F, '{print $4,$5,$6}' | sort | uniq | grep 'SAML.crt'
Output example:
/opt/qradar/conf/SAMLAuthentication/SP/QRadarSAML.crt 8
In the previous example, the ID is 8.
- Reset the certificate.
/opt/qradar/ca/bin/reset-qradar-ca.sh 8 --reset
- Verify the QRadarSAML certificate expiration date.
openssl x509 -in /opt/qradar/conf/SAMLAuthentication/SP/QRadarSAML.crt -text -noout | grep -A2 Validity
- Verify the QRadarSAML certificates are now valid.
for i in $(/opt/qradar/ca/bin/si-qradarca list -print | awk -F, '{print $4}' | sort | uniq | grep SAML); do echo "$i"; openssl verify -CAfile /etc/pki/tls/cert.pem "$i"; done
Results
The SAML certificate is now renewed. The following output shows valid certificates.
/opt/qradar/conf/SAMLAuthentication/SP/QRadarSAML_ca.crt
/opt/qradar/conf/SAMLAuthentication/SP/QRadarSAML_ca.crt: OK
/opt/qradar/conf/SAMLAuthentication/SP/QRadarSAML.crt
/opt/qradar/conf/SAMLAuthentication/SP/QRadarSAML.crt: OK
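The expiration check in the verification step can also be scripted so that it reports whether the certificate is expired or close to expiring, before and after the reset. This is an added example, not part of the IBM article or the QRadar tooling; it assumes GNU date and openssl on the Console, and the function names and the 30-day WARN_DAYS threshold are illustrative.

```shell
#!/bin/bash
# Added example (not IBM code): classify a certificate as OK, EXPIRING or
# EXPIRED from the "notAfter=" line of `openssl x509 -enddate -noout`.
# Assumptions: GNU date is available; WARN_DAYS=30 is an illustrative threshold.
WARN_DAYS=${WARN_DAYS:-30}

# classify_enddate "<notAfter=... line>" [now_epoch]
# Prints "<STATE> <whole days left>".
# Returns 0 = OK, 1 = EXPIRING, 2 = EXPIRED, 3 = line could not be parsed.
classify_enddate() {
    local line now end days
    line=$1
    now=${2:-$(date +%s)}
    case $line in
        notAfter=*) ;;
        *) echo "UNPARSEABLE 0"; return 3 ;;
    esac
    # openssl prints e.g. "Aug 31 12:00:00 2022 GMT", which GNU date can parse.
    end=$(date -u -d "${line#notAfter=}" +%s 2>/dev/null) \
        || { echo "UNPARSEABLE 0"; return 3; }
    days=$(( (end - now) / 86400 ))
    if [ "$end" -le "$now" ]; then echo "EXPIRED $days"; return 2; fi
    if [ "$days" -lt "$WARN_DAYS" ]; then echo "EXPIRING $days"; return 1; fi
    echo "OK $days"
    return 0
}

# check_cert <path>: read the end date from a certificate file and classify it.
check_cert() {
    local crt line
    crt=$1
    line=$(openssl x509 -in "$crt" -enddate -noout 2>/dev/null) \
        || { echo "$crt: UNREADABLE"; return 3; }
    echo "$crt: $(classify_enddate "$line")"
}

# The SP certificate path shown in the article; checked only if it exists,
# so the script is harmless on a host that is not a QRadar Console.
SAML_CRT=/opt/qradar/conf/SAMLAuthentication/SP/QRadarSAML.crt
if [ -r "$SAML_CRT" ]; then check_cert "$SAML_CRT" || true; fi
```

An EXPIRING or EXPIRED result before the reset, followed by OK afterwards, confirms that the renewal took effect.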
Document Location
Worldwide
Document Information
Modified date:
31 August 2022
UID
ibm16603935