From management console, it does not allow you to import a private key. Sometimes if it is mandatory to pre-generate the key from another sources, you will not able to use the pre-generate key.
However, replacing the private key and certificate is not that difficult. They are located at
/opt/arcsight/logger/userdata/platform/ssl.crt
assuming the installation folder is /opt/arcsight/logger.
The private key file, must be not encrypted (-nodes), is called server.crt. The certificate file is called server.pem.
Replacing these two files with your own pre-generate private key and certificate, then restart the HP ArcSight Logger service. This makes the newly loaded private key and certificate effective.
This is not officially supported by HP, I think.
Subscribe to:
Post Comments (Atom)
1 comment:
That was useful thanks. The only comment I have is that the server.crt is the signed certificate and the server.pem is the private key. This confused me as, as far as I am aware, a pem file is normally a certificate.
See this useful description of all the SSL file types:
http://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file
Post a Comment