IBM Support

QRadar: Custom TLS Syslog certificate cases and support policies

Question & Answer


Question

This article informs administrators about QRadar® Support policies related to custom TLS Syslog certificates. This document outlines out-of-scope cases for custom TLS certificates and the responsibilities of the QRadar administrator. 

Answer

Responsibilities for custom TLS certificate issues

Transport Layer Security (TLS), and its now-deprecated predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. QRadar uses TLS in Log Source configurations and when setting up WinCollect Destinations, among other things.

Support type: Custom TLS Syslog certificate support
Description: QRadar technical support teams can assist administrators with custom TLS certificate errors, questions, and issues, such as:
  1. The Log Source Management application protocol test shows an error such as an SSL Handshake error.
  2. Issues with the QRadar Certificate Management application and errors when certificates are used with the latest version of the TLS Syslog protocol.
  3. Troubleshooting assistance is provided until IBM Security® Support identifies whether the problem is caused by the custom certificates. For example:
    • An intermediate certificate is not correct.
    • A certificate is using an invalid certificate authority (CA).
    • The certificate was not created correctly.
  4. In a QRadar on Cloud (QRoC) deployment, assisting a customer to place certificate files in the correct directories on the Data Gateways.
  5. Adding certificates in the correct directories on the QRadar on Cloud Console since the customer does not have Command Line Interface (CLI) access.
  6. IBM® Support can suggest and recommend technical actions to be carried out by the customer to resolve TLS Syslog certificate issues.
Responsibility: QRadar technical support. To open a case or report a TLS certificate error, contact QRadar technical support.

Support type: Out-of-scope for QRadar Support
Description: Administrators are responsible for custom TLS certificates. IBM® QRadar® support cannot create or modify certificates, CSRs, or keys. Certificates and passwords must be handled or maintained by the customer for security reasons.


Document Information

Modified date: 29 June 2021

UID: ibm16427789