View an Example of Configuring Certificates for AI Engine
This topic illustrates how to configure custom certificates for the AI Engine Communication Manager (AIE ComMgr) and the Data Provider of the Mediator. For more information about the AI Engine, see Advanced Intelligence Engine.
Install the OpenSSL package, or extract the OpenSSL files to the directory C:\OpenSSL if using a Windows operating system.
The OpenSSL executable expects the openssl.cnf file to be located on the root of the C:\OpenSSL directory. Ensure you copy it there from the C:\OpenSSL\bin folder.
Create a custom certificate using OpenSSL.
CODEsudo openssl req -nodes -newkey rsa:2048 -keyout privatekey.key -out cert.crt -x509 -days 365 sudo openssl pkcs12 -export -out cert.pfx -inkey privatekey.key -in cert.crt
Once the certificate is created, add the .pfx file to the certificate store:
- Open the Certificate Manager by searching for the certificate.
- Add the newly created certificate to the Personal certificate store:
Run the following command:
certlm
- Click Personal, All Tasks, and then Import.
- From the drop down menu, select Choose.
- Select the .pfx certificate.
Configure the Data Processor to use the certificate. For more information, see Modify Data Processor Advanced Properties.
Make changes to the Data Processor Advanced Properties with extreme care! LogRhythm recommends that the Data Processor Advanced Properties only be modified with the assistance of LogRhythm Support, or by advanced users who have attended LogRhythm training.
- In the Client Console, on the main toolbar, click Deployment Manager.
- Click the Data Processors tab.
- Double-click the Data Processor you want to configure.
Click the Advanced button at the lower-left corner.
In the AIE Provider: TLS Security settings, select UseAIEDPTLSCert.
Select AIEDPTLSCertSubject, and type the Common Name (CN=<CommonName>) used when creating the certificate.
- Configure the AIE ComMgr to use the certificate.
- In the Client Console, on the main toolbar, click Deployment Manager.
- Click the AI Engine tab.
- On the bottom of the grid, click the Servers tab.
- Double-click the AI Engine you want to configure.
Click the Advanced button at the lower-left corner.
- Select UseAIEComMgrTLSCert.
- Select AIEComMgrTLSCertSubject, and type the Common Name (CN=<CommonName>) used when creating the certificate.
- To apply the certificate changes, restart the Mediator and the AIE ComMgr.