Juniper STRM 2008.2 - TECHNICAL NOTE USING A TRUSTED CERTIFICATE 6-2008 Using
Using a trusted certificate
Hide thumbs
Also See for STRM 2008.2 - TECHNICAL NOTE USING A TRUSTED CERTIFICATE 6-2008:
- Manual (8 pages) ,
- Troubleshooting tips (6 pages) ,
- Upgrade manual (5 pages)
Advertisement
Quick Links
Understanding SSL
Certificates
Release 2008.2
J
N
UNIPER
T
ECHNICAL
U
T
SING A
RUSTED
June 2008
By default, STRM and STRM Log Management provide an untrusted SSL
certificate. You can replace the untrusted SSL certificate with a trusted certificate.
This document provides the following information:
•
Understanding SSL Certificates
Replacing the Untrusted SSL Certificate
•
Secure Sockets Layer (SSL) is the transaction security protocol used by web sites
to provide an encrypted link between a web server and a browser. SSL is an
industry standard and is used by web sites to protect online transactions. To be
able to generate an SSL link, a web server requires an SSL certificate. SSL
certificates are issued by:
•
Software - This generally available software, such as Open SSL or Microsoft's
Certificate Services manager, issues SSL certificates known as self-signed
certificates. Self-signed certificates are not inherently trusted by browsers and
although they can be used for encrypting data, there is no third-party
verification process used to identify the server sending the certificate. They
cause browsers to display warning messages that inform the user that the
certificate has not been issued by an entity that the user has chosen to trust.
Trusted third-party certifying authorities - These certification authorities, such as
•
VeriSign or Thawte, use their trusted position to issue trusted SSL certificates.
SSL certificates issued by trusted certification authorities do not display a
warning and transparently establish a secure link between a web site and a
browser.
Browsers and operating systems include a pre-installed list of trusted certification
authorities, known as the Trusted Root CA store. As Microsoft and Netscape
provide the major operating systems and browsers, they elect whether or not to
include the certification authority into the Trusted Root CA store, thereby giving the
certification authority its trusted status. STRM supports any trusted certificate
where their Trusted Root CA is in the browser and java keystores.
ETWORKS
N
OTE
C
ERTIFICATE
STRM
Advertisement
Related Manuals for Juniper STRM 2008.2 - TECHNICAL NOTE USING A TRUSTED CERTIFICATE 6-2008
Summary of Contents for Juniper STRM 2008.2 - TECHNICAL NOTE USING A TRUSTED CERTIFICATE 6-2008
- Page 1 STRM UNIPER ETWORKS ECHNICAL SING A RUSTED ERTIFICATE June 2008 By default, STRM and STRM Log Management provide an untrusted SSL certificate. You can replace the untrusted SSL certificate with a trusted certificate. This document provides the following information: • Understanding SSL Certificates Replacing the Untrusted SSL Certificate •...
- Page 2 Replacing the You can replace the untrusted SSL certificate provided with your STRM or STRM Untrusted SSL Log Management with a certificate issued by a trusted third-party certifying Certificate authority. Note: You cannot replace the provided certificate with another untrusted (self-signed) certificate.
- Page 3 Replacing the Untrusted SSL Certificate For more information on installing an intermediate certificate, see the documentation from your certificate authority. Enter the following command: Step 5 /opt/qradar/bin/install_ssl_cert.sh /etc/httpd/conf/certs/cert.cert The following message appears: Installing a new SSL certificate in the QRadar system ... Changing the SSL certificate configuration variable...
- Page 4 Copyright Notice Copyright © 2008 Juniper Networks, Inc. All rights reserved. Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks in this document are the property of Juniper Networks or their respective owners.