IBM Support

Importing the certificate chain or a p7b certificate into IBM Resilient

How To


Summary

Importing the certificate chain or a p7b certificate into IBM Resilient

Steps

If you obtain the intermediate certificate and root certificate with the server certificate from your certificate authority (CA), or if you obtain a p7b file from your CA, you can follow the following procedure to import the certificate to IBM Resilient.

1. Convert the certificate to a PEM certificate using one of the following ways based on what you have:

a. If you receive a PKCS7 file (.p7b file) encoded with DER which contains the certificate chain, run command:

openssl pkcs7 -in certificate.p7b -inform DER -print_certs -outform PEM -out chain_cert.pem

b. If you receive a PKCS7 file (.p7b file) encoded with PEM which contains the certificate chain, run command:

openssl pkcs7 -in certificate.p7b -inform PEM -print_certs -outform PEM -out chain_cert.pem

c. If you receive the server certificate, intermediate certificate and root certificate separately in PEM format, run command:

cat server_cert.pem inter_cert.pem root_cert.pem >> chain_cert.pem

d. If you receive the server certificate, intermediate certificate and root certificate separately in DER format, you need to convert them to PEM format and follow the above point C to create the chain certificate. The commands are:

openssl x509 -inform der -in certificate.cer -out certificate.pem

cat server_cert.pem inter_cert.pem root_cert.pem >> chain_cert.pem

2. Open the new generated "chain_cert.pem" by a text editor and delete everything outside -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- boundaries (keep only the encoded content within the boundaries, the certificates themselves) and save it.
The format of the "chain_cert.pem" file will look like:

-----BEGIN CERTIFICATE----- 
CA File from CertNow Base64 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
CA File from CertNow Base64 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
xx Actual Cert Base 64 
-----END CERTIFICATE-----

3. Import the certificate by command:

sudo cert-import chain_cert.pem

4. Verify the certificate is available in keystore by command:

sudo keytool -list -v -keystore /crypt/certs/keystore -storepass "$(sudo resutil keyvaultget -name keystore)"

5. Restart Resilient service:

sudo systemctl restart resilient

If you are on Resilient v32 or a higher version, you also need to restart resilient-messaging service:

sudo systemctl restart resilient-messaging

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSIP9Q","label":"IBM Security SOAR"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
19 April 2021

UID

ibm11160974

Page Feedback