IBM Support

Importing a PEM certificate with private key into IBM Security QRadar SOAR by using PKCS12/PFX

How To


Summary

This document aims to help administrators who are not familiar with cryptography and are given a certificate for IBM Security QRadar SOAR that was not created by using the cert-req utility. It involves importing the private key, server certificate, and all intermediary and root certificates into a PKCS12/PFX file. This file is then imported into a Java keystore that replaces the current keystore used by IBM Security QRadar SOAR.

Steps

For importing a PEM certificate, private key, and certificate authority (CA) certificate files, follow these steps.
1. Copy the PEM certificate, private key, and CA certificates to the IBM Security QRadar SOAR appliance.
2. Create a PKCS12 file that contains the certificate, private key, and CA certificates (required for the import into a Java keystore in step 3).
openssl pkcs12 -export -out cert.p12 -inkey privkey.pem -in cert.pem -certfile cacert.pem 
Explanations of the file names used in the example command:
privkey.pem - The private key created when the CSR was created in the external tool
cert.pem - The server's certificate
cacert.pem - A chained certificate file concatenated in the order intermediate 1 -> intermediate 2 -> intermediate 3 -> root certificate. This file might contain only the root certificate, or it can contain many certificates, depending on the chain. Ensure that the chain is in the correct order. If you need assistance, engage the team who provisioned the certificate.
The command prompts for the following passwords:
Enter pass phrase for privkey.pem: <PASSWORD PROTECTING privkey.pem>
Enter Export Password: <PASSWORD TO PROTECT NEW cert.p12>
Verifying - Enter Export Password: <CONFIRM cert.p12 PASSWORD>
The result is a file called cert.p12 that is protected with the export password you specified.
3. Import the PKCS12 file into a Java keystore.
Note: Ensure that no file named "keystore" exists in the current directory before you run the following command.
keytool -importkeystore -srckeystore cert.p12 -srcstoretype pkcs12 -srcalias 1 -destkeystore keystore -destalias co3 -deststorepass "$(sudo resutil keyvaultget -name keystore)" -destkeypass "$(sudo resutil keyvaultget -name keystore)"
The command assumes that the source alias is "1". If this is not correct, change the value of "-srcalias".
4. Copy the newly created keystore over the existing /crypt/certs/keystore file.
sudo cp /crypt/certs/keystore /crypt/certs/keystore.save
sudo cp keystore /crypt/certs/keystore
5. Restart IBM Resilient
sudo systemctl restart resilient-messaging 
(if you are on Resilient v32 or higher)
sudo systemctl restart resilient
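
A pre-flight check that can be run before step 2, as an added example that is not part of IBM's procedure: it confirms that privkey.pem belongs to cert.pem and that cacert.pem is in the order described in step 2. The function names are hypothetical, and the script assumes that intermediate 1 is the certificate that issued cert.pem.

```shell
#!/bin/sh
# Added example (not IBM's): pre-flight checks on the step 2 input files.
# Usage: sh preflight.sh privkey.pem cert.pem cacert.pem

# 0 if the certificate's public key is the one derived from the private key.
key_matches_cert() {    # key_matches_cert privkey.pem cert.pem
    key_pub=$(openssl pkey -in "$1" -pubout) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# 0 if cacert.pem is ordered issuer-after-subject, starting from the issuer
# of cert.pem (assumed to be intermediate 1) and ending in a self-signed root.
chain_in_order() {      # chain_in_order cert.pem cacert.pem
    tmp=$(mktemp -d) || return 2
    # Split the bundle into $tmp/1.pem, $tmp/2.pem, ... in file order.
    n=$(awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (d "/" n ".pem") } END { print n + 0 }' "$2")
    want=$(openssl x509 -in "$1" -noout -issuer_hash)
    i=1; rc=0; subj=
    while [ "$i" -le "$n" ]; do
        subj=$(openssl x509 -in "$tmp/$i.pem" -noout -subject_hash)
        if [ "$subj" != "$want" ]; then
            echo "entry $i of $2 did not issue the certificate before it" >&2
            rc=1; break
        fi
        want=$(openssl x509 -in "$tmp/$i.pem" -noout -issuer_hash)
        i=$((i + 1))
    done
    # After the loop, $want is the last entry's issuer: a root names itself.
    if [ "$n" -eq 0 ] || [ "$want" != "$subj" ]; then rc=1; fi
    rm -rf "$tmp"
    return "$rc"
}

if [ "$#" -eq 3 ]; then
    key_matches_cert "$1" "$2" || { echo "key does not match $2" >&2; exit 1; }
    chain_in_order "$2" "$3" || { echo "fix the order of $3" >&2; exit 1; }
    # Names line up; now check signatures and validity dates as well.
    openssl verify -CAfile "$3" "$2"
fi
```

The ordering check compares issuer and subject names only; the final openssl verify call is what checks the signatures and validity dates.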

Document Location

Worldwide


Document Information

Modified date:
07 April 2022

UID

ibm11160968