Description
This article describes how to generate and apply a self-signed certificate to FortiSIEM, as well as how to apply a certificate from a certificate authority (CA).
Solution
Here is a step by step guide:
1) Log in to your Supervisor as root.
2) Generate the Private Key and Certificate Signing Request (CSR).
This step and the next applies to both self-signed and CA certificates.
openssl genrsa 2048 > fsiem.key
3) Create the Certificate Signing Request (CSR).
openssl req -new -key fsiem.key -out fsiem.csr
4) Create the self-signed certificate
If you want to use a certificate issued by a certificate authority, skip this step and send the CSR from Step 3 to the certificate authority. When you receive your certificate, proceed from Step 6 of these instructions.
openssl x509 -req -days 1461 -in fsiem.csr -signkey fsiem.key -out fsiem.crt
5) Verify the Self-Signed Certificate.
PUBLIC KEY must be matched
openssl rsa -in fsiem.key -pubout
openssl x509 -in fsiem.crt -pubkey
6) Apply the certificate by moving FortiSiem.crt and fsiem.key to /etc/httpd/conf.d.
7) Edit /etc/httpd/conf.d/ssl.conf file and make sure these parameters are configured with your certificate and private key filename.
- SSLCertificateFile /etc/httpd/conf.d/fsiem.crt
- SSLCertificateKeyFile /etc/httpd/conf.d/fsiem.key
8. Restart Apache.
service httpd restart
Related Articles
Technical Note: [Accelops KB] How to set up a proper CA-signed certificate
Technical Note: [Accelops KB] How to check communication between collector and super from collector ...
