Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

IF-MAP Server Certificates

 

The Interface For Metadata Access Points (IF-MAP) rule response enables the JSA console to publish alert and offense data that is derived from events, flows, and offenses to an IF-MAP server.

Before you can configure IF-MAP authentication on the System Settings window, you must configure your IF-MAP server certificate.

Configuring IF-MAP Server Certificate for Basic Authentication

This task provides instruction for how to configure your IF-MAP certificate for basic authentication.

Contact your IF-MAP server administrator to obtain a copy of the IF-MAP server public certificate. The certificate must have the .cert file extension.

  1. Using SSH, log in to JSA as the root user.
  2. Copy the certificate to the /opt/qradar/conf/trusted_certificates directory.

Configuring IF-MAP Server Certificate for Mutual Authentication

Mutual authentication requires certificate configuration on your JSA console and on your IF-MAP server.

This task provides steps to configure the certificate on your JSA console. For assistance configuring the certificate on your IF-MAP server, contact your IF-MAP server administrator.

Contact your IF-MAP server administrator to obtain a copy of the IF-MAP server public certificate. The certificate must have the .cert file extension.

  1. Using SSH, log in to JSA as the root user.
  2. Access the certificate to the /opt/qradar/conf/trusted_certificates directory
  3. Copy the SSL intermediate certificate and SSL Verisign root certificate to your IF-MAP server as CA certificates. For assistance, contact your IF-MAP server administrator.
  4. Type the following command to create the Public-Key Cryptography Standards file with the .pkcs12 file extension:

    openssl pkcs12 -export -inkey <private_key> -in <certificate> -out <pkcs12_filename.pkcs12> -name "IFMAP Client"

  5. Type the following command to copy the pkcs12 file to the /opt/qradar/conf/key_certificates directory:

    cp <pkcs12_filename.pkcs12> /opt/qradar/conf/key_certificates

  6. Create a client on the IF-MAP server with the certificate authentication and upload the SSL certificate. For assistance, contact your IF-MAP server administrator.
  7. Type the following command to change the permissions of the directory:

    chmod 755 /opt/qradar/conf/trusted_certificates chmod 644 /opt/qradar/conf/trusted_certificates/*.cert

  8. Type the following command to restart the Tomcat service:

    systemctl restart tomcat

Related Documentation