The certificate is something that you need to generate yourself and store on the server hosting the Chronicle Forwarder or BindPlane Agent.
Depending on the log source application, you may be able to self-sign the certificate. If self-signing, then simply provide the certificate file to your application to trust.
If this is not possible, then a trusted CA must sign it. After doing so, your application may automatically establish trust, but if not, provide the CA certificate to the application instead.
Assuming you are using the Forwarder:
Both the certificate and the cert key file need to be kept in a specifically named certs folder on the forwarder server.
Within your server, ../config/certs/ is where you put the cert files (with /config/ being the directory that houses your config file).
You must add the following to any log source within your configuration file that is using TLS. Change the cert names, cert extensions, and minimum TLS version as appropriate.
certificate: "/opt/chronicle/external/certs/cert_name.crt"
certificate_key: "/opt/chronicle/external/certs/cert_name.key"
minimum_tls_version: "TLSv1_2"
Do not alter the above paths as these are the container file paths (not the path to where you put the certs on the server). The forwarder automatically checks your /config/certs/ folder to find them.
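A pre-flight check for the two-path layout described in the post above, as an added example that is not part of the original post or of Google's tooling. The function name `check_tls_settings` and the host certs directory argument are assumptions, and the three settings are matched line by line rather than by parsing the whole config file.

```python
import os
import re
import tempfile

# Container-side prefix quoted in the post; the config must always use it.
CONTAINER_CERTS = "/opt/chronicle/external/certs/"
SETTINGS = ("certificate", "certificate_key", "minimum_tls_version")
LINE_RE = re.compile(r'^\s*(%s)\s*:\s*"?([^"\s]+)"?\s*$' % "|".join(SETTINGS))

def check_tls_settings(config_text, host_certs_dir):
    """Return a list of problems in the TLS lines of a forwarder config.

    host_certs_dir is the host-side config/certs folder (hypothetical argument).
    """
    problems, seen = [], set()
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        key, value = m.groups()
        seen.add(key)
        if key == "minimum_tls_version":
            continue
        # The config must reference the container path, never the host path.
        if not value.startswith(CONTAINER_CERTS):
            problems.append(f"line {lineno}: {key} must start with {CONTAINER_CERTS}")
            continue
        # The file named in the config must exist in the host certs folder.
        name = value[len(CONTAINER_CERTS):]
        if not os.path.isfile(os.path.join(host_certs_dir, name)):
            problems.append(f"line {lineno}: {name} not found in {host_certs_dir}")
    problems += [f"missing setting: {k}" for k in SETTINGS if k not in seen]
    return problems

def demo():
    # Constructed sample: a host certs folder that holds only the .crt file.
    with tempfile.TemporaryDirectory() as certs:
        open(os.path.join(certs, "cert_name.crt"), "w").close()
        good = ('certificate: "/opt/chronicle/external/certs/cert_name.crt"\n'
                'certificate_key: "/opt/chronicle/external/certs/cert_name.key"\n'
                'minimum_tls_version: "TLSv1_2"\n')
        # Same config, but with the host path written into the certificate line.
        bad = good.replace(CONTAINER_CERTS + "cert_name.crt", certs + "/cert_name.crt")
        return check_tls_settings(good, certs), check_tls_settings(bad, certs)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The first result reports only the key file missing from the host folder; the second also flags the certificate line that points at the host path instead of the container path.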
@nahatx Thank you. I am able to add the certificate on the forwarder now.
But I added it manually to the config.conf file. If I use the GUI to configure forwarder settings, it adds the cert information to auth.conf as well. Due to this, the forwarder runs into issues and gets restarted continually.
It worked properly after adding the cert info/path to the config.conf file. I kept the auth.config file unchanged.