IBM Security QRadar


Configuring a TLS connection to a QRadar destination using the Windows Certificate Store

By Olga Hout posted Sat January 28, 2023 01:14 PM

  


To all of our WinCollect users, we have some exciting news. 



The previous release, WinCollect 10.1.1, introduced support for mTLS. The next release, WinCollect 10.1.2, adds support for using the Windows Certificate Store as the default TLS trust store.

Our users no longer need to manually provide the location or contents of a server certificate to the agent for mutual authentication to work with TLS, as long as the required root server certificate is installed on the Windows endpoint machine.

To explain further, because certificates, in general, are a complex topic, here are a couple of real-world use cases that most of our users will likely encounter in the field:

  1. The TLS server you’re sending to has a certificate issued by an internal CA in your organization. As long as the endpoint running WinCollect has this certificate installed (directly, pushed via Group Policy, etc.), secure communication will be established by simply choosing this new option.
  2. Your TLS server has a certificate purchased or issued by a known CA (DigiCert, Verisign, Let's Encrypt, etc.). These root certificates are the basis of day-to-day SSL communication on the Internet and are included by default in Windows and updated regularly, so choosing this new option will establish certificate trust with those without any additional steps required.

In short, as long as the required certificates are installed, users can select this newly added option and add the required fields when setting up a destination using mTLS in the WinCollect UI. More info on the new field changes is here.


This was a highly requested update, and we are glad to roll out this functionality for our customers. It makes a drastic difference regarding the usability and ease of setting up multiple standalone agents with mTLS, as certificates can be bulk installed across multiple boxes in a deployment. If the agent is already on an older version of WinCollect 10, a simple upgrade script that changes the trust store source is all that is needed. See below:

[update_mTLSDestination.xml]



If you need guidance on generating your new mTLS private key passphrase, this detailed article will provide the steps.

The WinCollect team is incredibly proud of this new feature and how it simplifies establishing trust with certificates, a complicated topic that most people will often need to understand. No more guesswork (and opening of support cases) trying to figure out whether a required certificate has already been installed: they are all stored in the Windows certificate manager and can quickly be confirmed.
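One way to run that confirmation from PowerShell on an endpoint, as an added example that is not IBM's or WinCollect's code: it builds the chain for the destination's server certificate against the machine-wide Windows stores only and reports which certificate anchors it. `$CertificatePath` and `Test-MachineStoreTrust` are hypothetical names, and the script assumes you have exported the destination's server certificate to a file and that the agent service relies on the machine-wide store rather than your user store.

```powershell
# Added example, not WinCollect code. $CertificatePath is a placeholder for the
# destination's server certificate exported to a .cer/.pem file.
param([Parameter(Mandatory)][string]$CertificatePath)

function Test-MachineStoreTrust {
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)

    # $true = machine context: only machine-wide stores are consulted, so a root that
    # exists only in the current user's store does not count (assumption: the agent
    # service does not run as the user performing this check).
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new($true)
    # Revocation checking is skipped so the result reflects trust anchors only.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    try {
        $trusted  = $chain.Build($Certificate)
        $elements = @($chain.ChainElements)
        # Last element is the root when the chain is complete; with a PartialChain
        # status it is merely the highest certificate Windows could find.
        $top = $elements[-1].Certificate
        [pscustomobject]@{
            Subject               = $Certificate.Subject
            NotAfter              = $Certificate.NotAfter
            Trusted               = $trusted
            # Empty when trusted; otherwise e.g. UntrustedRoot, PartialChain, NotTimeValid.
            ChainStatus           = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
            ChainSubjects         = $elements | ForEach-Object { $_.Certificate.Subject }
            TopOfChainThumbprint  = $top.Thumbprint
            TopInLocalMachineRoot = Test-Path "Cert:\LocalMachine\Root\$($top.Thumbprint)"
        }
    } finally {
        $chain.Reset()
    }
}

# .NET resolves relative paths against the process directory, so resolve it first.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    (Resolve-Path -LiteralPath $CertificatePath).ProviderPath)
Test-MachineStoreTrust -Certificate $cert | Format-List
```

`Trusted : True` with `TopInLocalMachineRoot : True` means the root needed for this destination is installed machine-wide; `UntrustedRoot` or `PartialChain` means the internal CA certificate still has to be deployed to the endpoint.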

This is the best option security-wise; moving forward, it will be the default option for new destinations opting to use the mTLS protocol. 


Will you be using this new feature? Let me know your thoughts in the comments!

Cheers,

Olga Hout

Product Manager, QRadar Integrations

