I suppose you interpret something incorrectly from my instruction
What do you get if you simply try to get the cert with openssl
openssl s_client -connect <YOURSERVERNME>:636
You can simply copy/paste the cert from the output of this command
Also make sure you can reach LDAP port (very basic diag step :))
nc -vv <YOURSERVERADDRESS> 636
L:
------------------------------
Vladx(x)
------------------------------
Original Message:
Sent: Fri October 14, 2022 07:27 AM
From: Siem Admin
Subject: LDAP Auth Certificate
Hi,
I tried the steps and am getting the following error as an output:
verify error:num=20:unable to get local issuer certificate
DONE
Regards
------------------------------
Siem Admin
Original Message:
Sent: Fri October 14, 2022 07:13 AM
From: Vladx(x)
Subject: LDAP Auth Certificate
Yes, we are also using AD, so the procedure below works on that as well. The command I sent should be executed on your console (AIO by your words). The command does not generate anything, it just retrieves the LDAPS cert from your server.
L:
------------------------------
Vladx(x)
Original Message:
Sent: Fri October 14, 2022 07:03 AM
From: Siem Admin
Subject: LDAP Auth Certificate
Hi,
First of all, we have Active Directory, not an LDAP server.
Secondly, do I have to run this command on the QRadar AIO server or the LDAP server?
Finally, will this command straight away generate the cert, or is the snippet missing from the chat?
Regards,
---------------------
Siem Admin
---------------------
------------------------------
Siem Admin
Original Message:
Sent: Fri October 14, 2022 06:51 AM
From: Vladx(x)
Subject: LDAP Auth Certificate
Hi,
So you need the server cert from the LDAP server configured in the auth module, and you have to put it here:
/opt/qradar/conf/trusted_certificates
To get the cert you can use the following snippet:
echo -n | openssl s_client -connect <servername>:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > <servername>.cert
Make sure to restart tomcat after that: systemctl restart tomcat
Also, you should implement some procedure to replace the cert every time the LDAP server cert is renewed (usually every year).
L:
------------------------------
Vladx(x)
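As an added example (not from this thread or from IBM), the two openssl steps above (the sed one-liner in this message and the plain s_client check in the latest reply, where "verify error:num=20:unable to get local issuer certificate" means the issuing CA is simply not in the local trust store of the machine running openssl) combined into a small helper that splits the whole chain sent by the LDAPS server into separate PEM files and reports each certificate's subject, issuer and expiry; output directory names and the `/tmp/ldap-chain` path are assumptions.

```shell
#!/bin/sh
# Added example, not the thread's or QRadar's own code. Splits the output of
#   echo -n | openssl s_client -showcerts -connect <server>:636
# into one PEM file per certificate, de-duplicated by SHA-256 fingerprint
# (some OpenSSL versions print the leaf a second time under "Server certificate"),
# and reports subject/issuer/expiry so the operator can see which issuer CA is
# missing (verify error:num=20) and which file to copy to
# /opt/qradar/conf/trusted_certificates. Requires the openssl binary.
set -e

# split_chain OUTDIR < s_client-output
# Writes OUTDIR/cert-1.pem, cert-2.pem, ...; prints the number of unique certs.
split_chain() {
    outdir="$1"; n=0; inside=0; seen=""
    mkdir -p "$outdir"
    while IFS= read -r line; do
        if [ "$line" = "-----BEGIN CERTIFICATE-----" ]; then
            n=$((n + 1)); inside=1
            : > "$outdir/cert-$n.pem"          # start a fresh file
        fi
        if [ "$inside" -eq 1 ]; then printf '%s\n' "$line" >> "$outdir/cert-$n.pem"; fi
        if [ "$line" = "-----END CERTIFICATE-----" ]; then
            inside=0
            fp=$(openssl x509 -in "$outdir/cert-$n.pem" -noout -fingerprint -sha256)
            case "$seen" in
                *"$fp"*) rm "$outdir/cert-$n.pem"; n=$((n - 1)) ;;   # duplicate, drop it
                *) seen="$seen $fp" ;;
            esac
        fi
    done
    echo "$n"
}

# describe_chain OUTDIR: one line per certificate. An entry whose subject
# equals its issuer is self-signed (a root); if no entry is self-signed, the
# server did not send its root CA and that CA cert must be obtained separately.
describe_chain() {
    for f in "$1"/cert-*.pem; do
        subj=$(openssl x509 -in "$f" -noout -subject | sed 's/^subject= *//')
        iss=$(openssl x509 -in "$f" -noout -issuer | sed 's/^issuer= *//')
        exp=$(openssl x509 -in "$f" -noout -enddate | sed 's/^notAfter=//')
        if [ "$subj" = "$iss" ]; then kind=self-signed; else kind=issued; fi
        printf '%s\t%s\tsubject=%s\tissuer=%s\texpires=%s\n' "$f" "$kind" "$subj" "$iss" "$exp"
    done
}

# Live usage (assumed paths), run from the QRadar console:
#   echo -n | openssl s_client -showcerts -connect ldap.example.test:636 2>/dev/null \
#       | split_chain /tmp/ldap-chain && describe_chain /tmp/ldap-chain
```

The `expires=` column is also what a renewal reminder can key on, since the thread notes the copied cert has to be replaced whenever the LDAP server's cert is renewed.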
Original Message:
Sent: Thu October 13, 2022 07:35 AM
From: Siem Admin
Subject: LDAP Auth Certificate
Hi,
I am trying to configure LDAP authentication with our QRadar instance (v7.4.3). All the configuration in the Authentication module has been done and the test connection is successful. I am doing it with the unsecure encryption and none of the users seem to log in. I have also not imported any certificate as of yet. I have a few doubts and it would be great if someone can clarify.
1. What exact certificate is required from the LDAP server? I have asked my LDAP admin to share the SSL/TLS certificate and he still keeps asking what exact certificate is required and how he can generate it.
2. I want to make sure my User Base DN field is correct, so please clarify from where I can pick this value. During testing, I have entered the value as per my understanding and it seems to show a successful connection for a specific user only. If I try to test any other user, it keeps failing.
3. For the authentication bind, can the login DN be any user from LDAP which has read permissions, or is there any specification to consider here?
PS: I have raised a support case as well, but the engineer assigned does not seem to be knowledgeable and hasn't been able to help for the past 2 weeks!
Regards
Rahul Gupta
------------------------------
Siem Admin
------------------------------