Anonymous_User Absent Member.

Sentinel Syslog SSL with company CA


Hello all,

I'm currently trying to set up Sentinel to use certificates from my
company certification authority, but I have run into a key length issue.

My company CA is configured to deliver certificates, but it is mandatory
that the key length is 2048 bits (ANSSI recommendation), and it seems
Sentinel's private key length is 1024 😞
How can I change/update the key used to generate the CSR so that it is 2048 bits long?

Thanks for your answers


--
winoa
------------------------------------------------------------------------
winoa's Profile: https://forums.netiq.com/member.php?userid=2802
View this thread: https://forums.netiq.com/showthread.php?t=45035

Anonymous_User Absent Member.

Re: Sentinel Syslog SSL with company CA


I would guess you can use a certificate of any length supported by Java,
and 2048 is definitely one Java should support (if not 4096). It
appears that the Syslog SSL event source server uses the same
certificate (at least by default) as the Novell Audit event source
server can use. As a result, section 6.3.2 of the Sentinel 7.x
Administration Guide, the 'Server Key Pair' section, may help
you with what you're after. There are other configuration options on
the syslog side of things, but they all appear to be for client-side
authentication.

Another option is to tell your syslog event sources to trust the default
certificate, which may be useful, especially if you are not wanting to
change the Novell Audit ESS certificate (assuming my belief of the two
being identical and not duplicate is correct).

Good luck.
Anonymous_User Absent Member.

Re: Sentinel Syslog SSL with company CA


Hello,

Sorry for my late update.
I was unable to create my truststore with the truststorecreator.bat or
truststorecreator.sh.

I created a Java keystore using "portecle" and it was accepted by
Sentinel.

Thanks


--
winoa
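The key-pair and keystore steps discussed in this thread can also be done with the JDK's keytool. This is an added example, not part of the original posts or of the Sentinel documentation; the keystore path, the aliases, the password and the DN are placeholder assumptions, and openssl is used only to confirm the CSR's key size before it goes to the CA.

```shell
#!/bin/sh
# Placeholders (assumptions): replace with the values for your installation.
ALIAS=${ALIAS:-syslogserver}
STOREPASS=${STOREPASS:-changeit-placeholder}
DNAME=${DNAME:-CN=sentinel.example.com, O=Example}

# Print the public key size (in bits) of a PEM-encoded CSR.
csr_key_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed only if the CSR meets the CA's minimum key length (default 2048).
csr_meets_minimum() {   # $1 = CSR file, $2 = minimum bits (optional)
    bits=$(csr_key_bits "$1")
    [ -n "$bits" ] && [ "$bits" -ge "${2:-2048}" ]
}

# Create a keystore holding a 2048-bit RSA key pair, export the CSR,
# and refuse to continue if the CSR is below the CA's minimum.
new_keystore_and_csr() {   # $1 = keystore file, $2 = CSR output file
    keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 \
        -dname "$DNAME" -validity 365 \
        -keystore "$1" -storepass "$STOREPASS" -keypass "$STOREPASS" &&
    keytool -certreq -alias "$ALIAS" -file "$2" \
        -keystore "$1" -storepass "$STOREPASS" &&
    csr_meets_minimum "$2"
}

# After the CA signs the request: import the CA certificate first, then the
# signed reply under the same alias so keytool can build the chain.
import_signed_cert() {   # $1 = keystore, $2 = CA cert, $3 = signed cert
    keytool -importcert -noprompt -trustcacerts -alias companyca \
        -file "$2" -keystore "$1" -storepass "$STOREPASS" &&
    keytool -importcert -alias "$ALIAS" -file "$3" \
        -keystore "$1" -storepass "$STOREPASS"
}
```

Where Sentinel expects the resulting keystore to be placed is covered in the 'Server Key Pair' section of the Administration Guide mentioned in the reply above.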