Using a Root CA custom certificate, proxy SSL inspection requests can be quickly authenticated in all Open Collector, Beats, and Metrics containers.
This topic aids in adding, editing, and removing a certificate path prior to running any Open Collector, Beats, or Metrics services. Before making any certificate changes, do the following:
Run the following command to check for various available flags while adding certificate paths:CODE
./lrctl sslcertpath --help
Before using this command, run the 'update-ca-trust' command on the host system where the certificate is placed.
Add New Certificate Path
Run the following command to add the certificate path:CODE
./lrctl sslcertpath add
Enter the complete path to the location of the certificate key as show below:
Once the certificate path has been successfully added, restart all services for the change to take effect.
After adding the certificate path, the Open Collector, Metric, or Beats service can be restarted to copy the certificate inside the container, which enables SSL communication through these services.
For example, to restart the Metrics service, run the following command:
./lrctl metrics restart
Edit an Existing Certificate Path
To edit the path of the certificate, run the following command:CODE
./lrctl sslcertpath edit
The existing path appears.
- Make any necessary changes to the certificate key's location path as shown below, and then press Enter.
Remove a Certificate Path
To remove the previously configured certificate path, run the following command:CODE
./lrctl sslcertpath remove
Enter 'y' to verify the removal of the path, and then press Enter.
Once the certificate path has been successfully removed, restart all Open Collector, Metrics, and Beats services for the change to take effect. The Open Collector service can be restarted using the following command:CODE
./lrctl oc restart
View a Certificate Path
To view the path of the previously configured certificate, run the following command:CODE
./lrctl sslcertpath view
The certificate's path appears.