Hi,
There are a few caveats around uploading your certificates directly from the shell, for example in terms of which user owns them (loginspect:loginspect), and if the configuration has to be pointed to a different certificate the configuration needs to be regenerated as well. So in most cases I would recommend uploading certificates from the GUI.
The web server certificates are kept in
/opt/makalu/etc/remote_connection/https_certificates/
On the LogPoint server you can generate a private key using
openssl genrsa -out private.key 2048
and then a certificate signing request using
openssl req -new -sha256 -key private.key -out logpointserver.csr
Once you have the resulting certificate you can upload them through the web interface under Settings → System Settings → HTTPS. Note that in my experience, certificates from Windows signing authorities are in binary format and need to be converted into the textual PEM format for use with OpenSSL in LogPoint.
The Syslog certificates are kept in
/opt/immune/etc/remote_connection/certificates/
With LogPoint 6.12 the Syslog certificates can also be uploaded directly from the GUI under Settings → System Settings → Syslog TLS. I usually find that the systems sending encrypted Syslog data are already using their own keys and we just supply those to LogPoint.
For the Windows agent you can generate your own certificates from the Plugin GUI under Settings → System → Plugins → Search for “LPA” → Manage. These are then pushed to the agents. There is not usually a need to supply your own, but you can upload them from the GUI there as well.
The Windows agent certificates are kept in
/opt/makalu/storage/col/lpamanager/certs
As for best practices, perhaps some other people can join in, as I only ever see test, demo and POC systems! :)
Hi
Think I got my questions answered Thanks a lot!.
Regards
Hans
Just for reference - the syslog certificates uploaded through the web UI are stored under
/opt/makalu/etc/remote_connection/syslog_certificates
at least in v6.12.2, maybe earlier-