
SmartConnector Add new destination



Hello Experts,

I wanted to add a new ESM destination to SmartConnector and receive the logs from this connector on both ESMs.

The certificate 'cacerts' of the old ESM already exists in the directory 'Security'. If I'm adding a new ESM destination, where do I put the new ESM 'cacert'?

If I copy the new cacerts into the same directory, it will replace the old one, and if I do that my old ESM may not receive logs from this connector. I'm not sure if this would happen, but that's what I think...

Please advise,

Thanks,

Mohammed.


Accepted Solutions
Cadet 2nd Class

Hi Mohammed,

cacert is not a certificate; it's a certificate store. You can import multiple certificates and keypairs into it by using the arcsight keytool.

A single cacert store can hold multiple keypairs and certificates. You need to import your other ESM's self-signed certificate into the existing cacert.

So first you need to export one, and then you need to import that into the old cacert.

The steps are a little long, so I'm just giving you a reference. Check out page number 34 or 38.

Topic: Tools for SSL configuration.

Regards,

Anwar

Commodore

Quick and dirty:

- On the machine with the connector, as user arcsight, do:

openssl s_client -connect new-esm-hostname:8443

You'll see a lot of stuff, including the server cert. Copy/paste the lines from BEGIN CERTIFICATE to END CERTIFICATE (including those two lines) to a file $AGENT_HOME/new-esm-hostname.crt

Then go to $AGENT_HOME and do:

jre/bin/keytool -importcert -keystore jre/lib/security/cacerts -file new-esm-hostname.crt -alias new-esm-hostname -trustcacerts

The keystore password is changeit if it wasn't changed. Say yes when asked to trust the new CA cert.

Joachim
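
Added example (not part of the post above and not ArcSight's own tooling): the same fetch-and-import, but the certificate is only trusted after its SHA-256 fingerprint matches one obtained out of band from the new ESM's administrator, and cacerts is backed up first. The function names, argument order and backup file name are assumptions; port 8443 and the keystore path are the ones used above.

```shell
#!/bin/sh
# Added example. Names below are hypothetical, not from the thread.

# Print only the first PEM certificate found on stdin (the server's own cert
# in `openssl s_client` output), dropping the handshake text around it.
first_pem_cert() {
  awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
       on                            { print }
       /-----END CERTIFICATE-----/   { if (on) exit }'
}

# Reduce "sha256 Fingerprint=AB:CD:..." or "ab cd ..." to bare upper-case hex.
normalize_fp() {
  printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# usage: main <new-esm-hostname> <expected-sha256-fingerprint> [agent-home]
main() {
  host=$1; expected=$2; agent_home=${3:-$AGENT_HOME}
  [ -n "$agent_home" ] || { echo "AGENT_HOME is not set" >&2; return 1; }
  store="$agent_home/jre/lib/security/cacerts"
  crt="$agent_home/$host.crt"
  keytool="$agent_home/jre/bin/keytool"

  # Fetch the certificate the server presents; </dev/null ends the session.
  openssl s_client -connect "$host:8443" -servername "$host" </dev/null 2>/dev/null |
    first_pem_cert > "$crt"
  [ -s "$crt" ] || { echo "no certificate received from $host" >&2; return 1; }

  # Refuse to trust a certificate whose fingerprint was not confirmed out of band.
  seen=$(normalize_fp "$(openssl x509 -noout -fingerprint -sha256 -in "$crt")")
  if [ "$seen" != "$(normalize_fp "$expected")" ]; then
    echo "fingerprint mismatch for $host: got $seen" >&2
    return 1
  fi

  # Keep a copy of the store, then add the new cert under its own alias.
  # Existing entries (the old ESM) stay; keytool prompts for the store password.
  cp -p "$store" "$store.bak.$(date +%Y%m%d%H%M%S)" || return 1
  "$keytool" -importcert -keystore "$store" -file "$crt" -alias "$host" -trustcacerts || return 1

  # List the store so both the old and the new ESM entries can be checked.
  "$keytool" -list -keystore "$store"
}

if [ "$#" -ge 2 ]; then main "$@"; fi
```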

Cadet 2nd Class

Have you tried the suggested solution?

Absent Member.

Hello Anwar and jring,

Thanks for sharing the valuable information and for the solution.

I have not tried it yet; I will update you once I do.

Thanks again,

Regards,

mohammed

Absent Member.

+1 for s_client, by far one of my favorite tools.

Here is a little more info, since I know this isn't installed by default for everyone.

OpenSSL

