Skip to main content
Skip table of contents

Enable SSL Inspection for Root CA

Using a Root CA custom certificate, proxy SSL inspection requests can be quickly authenticated in all Open Collector, Beats, and Metrics containers. 

This topic aids in adding, editing, and removing a certificate path prior to running any Open Collector, Beats, or Metrics services. Before making any certificate changes, do the following:

  1. Run the following command to check for various available flags while adding certificate paths:

    CODE 
    ./lrctl sslcertpath --help

    Before using this command, run the 'update-ca-trust' command on the host system where the certificate is placed.

Add New Certificate Path

  1. Run the following command to add the certificate path:

    CODE 
    ./lrctl sslcertpath add

  2. Enter the complete path to the location of the certificate key as show below:

    Once the certificate path has been successfully added, restart all services for the change to take effect.

After adding the certificate path, the Open Collector, Metric, or Beats service can be restarted to copy the certificate inside the container, which enables SSL communication through these services.

For example, to restart the Metrics service, run the following command:

CODE 
./lrctl metrics restart

Edit an Existing Certificate Path

  1. To edit the path of the certificate, run the following command:

    CODE 
    ./lrctl sslcertpath edit

    The existing path appears.

  2. Make any necessary changes to the certificate key's location path as shown below, and then press Enter.

Remove a Certificate Path

  1. To remove the previously configured certificate path, run the following command:

    CODE 
    ./lrctl sslcertpath remove

  2. Enter 'y' to verify the removal of the path, and then press Enter.

    Once the certificate path has been successfully removed, restart all Open Collector, Metrics, and Beats services for the change to take effect. The Open Collector service can be restarted using the following command:

    CODE 
    ./lrctl oc restart


       

View a Certificate Path

  1. To view the path of the previously configured certificate, run the following command:

    CODE 
    ./lrctl sslcertpath view

    The certificate's path appears.


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close