If you have issues with your certificate, such as an incorrect name or IP address, the
expiration date passed, or the IP or hostname on your console changed, follow these steps to
generate certificates that are signed by the QRadar® local certificate
authority.
Procedure
-
Back up the certificates that were installed previously that are not working.
Existing certificates are detected and reported when you run certificate generation, which can
cause the generation process to stop.
mkdir /root/backup.certs/
cp /etc/httpd/conf/certs/cert.* /root/backup.certs/
- Update the following items in the /opt/qradar/ca/conf.d/httpd.json
file:
- Set CertMonitorThreshold back to its original value. If the original value
is not known, remove from the file so that the defaults are used.
- Set CertSkip to false.
- Run the /opt/qradar/ca/bin/install_qradar_ssl_cert.sh command to
generate new certificates.