Troubleshooting
Problem
TLS Syslog Log Sources might not work properly if the proper certificate files of both public and private keys are not used.
Cause
QRadar TLS Syslog might not work if the custom private key pair is not DER-encoded PKCS8.
Resolving The Problem
Procedure to create a key pair in the .der format by using OpenSSL:
Make sure OpenSSL is installed on any supported Operating System. From Command line, run the following 4 commands.
The key pair to use would be:
/tmp/private_key.der
/tmp/public_key.pem
Make sure OpenSSL is installed on any supported Operating System. From Command line, run the following 4 commands.
openssl genrsa -out /tmp/private_key.pem 2048
openssl pkcs8 -topk8 -inform PEM -outform DER -in /tmp/private_key.pem -out /tmp/private_key.der -nocrypt
openssl req -new -key /tmp/private_key.pem -out /tmp/csr.pem
openssl req -x509 -sha512 -days 365 -in /tmp/csr.pem -key /tmp/private_key.der -keyform DER -out /tmp/public_key.pemThe key pair to use would be:
/tmp/private_key.der
/tmp/public_key.pem
[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Integrations - 3rd Party","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
02 April 2020
UID
swg21986465