Troubleshooting
Problem
How do I import a certificate in Personal Exchange Format (PFX) from a Microsoft Certificate Generator in to QRadar?
Symptom
Normally, customers who need to import certificates use the import script in /opt/qradar/bin/install_ssl_cert.sh -b
add the path to the public key then add the path to the private key and the installation will error out with keys being reverted. Also there are no errors in the logs.
Cause
A .PFX is password protected and needs the password removed
Environment
Microsoft certificate generator
Resolving The Problem
How to convert a .pfx certificate file in to a .crt file for use by QRadar
- The following command exports the private key and saves it in “key.pem”.
openssl pkcs12 -in filename.pfx -nocerts -out key.pem
- The following command exports the public key and saves it in “cert.crt”.
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.crt
- The following command removes the passphrase from the private key.
openssl rsa -in key.pem -out server.key
- After the conversion is complete the “server.key” can be imported in QRadar as a private key, and “cert.crt” can be used as the public key.
/opt/qradar/bin/install_ssl_cert.sh -b
. the following services will be restarted - Tomcat
- Hostcontext
For information on importing a .crt, .der, or .cert file, see the IBM knowledge Center
Replacing the default SSL certificate
Where do you find more information?
Related Information
[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Integrations - IBM","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.1;7.2","Edition":"Enterprise","Line of Business":{"code":"LOB24","label":"Security Software"}},{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21962506