View an Example of Configuring Mutual Authentication in LogRhythm
This topic illustrates how to configure mutual authentication in an example LogRhythm deployment that contains a Platform Manager (PM), a Data Processor + Data Indexer (DPX), AI Engine, and two System Monitors.
In this configuration, we need the following certificates:
- 1 root certificate authority (CA) certificate – this issues all of the client and server certificates below, and is the only trust anchor each machine needs
- 3 server certificates:
- Data Processor/Indexer (Mediator)
- AIE Communications Manager
- Platform Manager (SQL Server)
- 3 client certificates:
- 2 Windows System Monitor Agents
- 1 AIE Data Provider
- Create your root certificate authority (CA).
makecert -r -n "CN=LogRhythm TEST Root CA" -sr LocalMachine -ss MY -a sha256
This certificate is created in the Personal (MY) store of the LocalMachine location. Copy it to the Trusted Root Certification Authorities store (on this machine and on every machine that receives one of the certificates it issues) so that the server and client certificates it generates are trusted.
- Create three server certificates:
- Data Processor (Mediator):
makecert -pe -n "CN=LRDPX.logrhythm.com" -sky exchange -eku 1.3.6.1.5.5.7.3.1 -sr LocalMachine -ss MY -ir LocalMachine -is MY -in "LogRhythm TEST Root CA" -a sha256
- AIE Communications Manager:
makecert -pe -n "CN=LRAIE.logrhythm.com" -sky exchange -eku 1.3.6.1.5.5.7.3.1 -sr LocalMachine -ss MY -ir LocalMachine -is MY -in "LogRhythm TEST Root CA" -a sha256
- Platform Manager (SQL Server):
makecert -pe -n "CN=LRPM.logrhythm.com" -sky exchange -eku 1.3.6.1.5.5.7.3.1 -sr LocalMachine -ss MY -ir LocalMachine -is MY -in "LogRhythm TEST Root CA" -a sha256
- Create three client certificates:
- Two Agent client certificates:
makecert -a sha256 -n "CN=LRWINAGNT1.logrhythm.com" -sr LocalMachine -ss MY -ir LocalMachine -is MY -in "LogRhythm TEST Root CA"
makecert -a sha256 -n "CN=LRWINAGNT2.logrhythm.com" -sr LocalMachine -ss MY -ir LocalMachine -is MY -in "LogRhythm TEST Root CA"
- AIE Data Provider (runs on the Data Processor/Mediator host, so it uses the LRDPX name):
makecert -a sha256 -n "CN=LRDPX.logrhythm.com" -sr LocalMachine -ss MY -ir LocalMachine -is MY -in "LogRhythm TEST Root CA"
You now have seven certificates in your LocalMachine Personal store: one Root CA, three server certificates, and three client certificates.
Note that LRDPX has two certificates: a server certificate for the Mediator Server and a client certificate for the AIE Data Provider.
Using the Windows Certificate Manager, export each certificate to a file and import it on the machine that will use it, into that machine's LocalMachine Personal store.
Export the three server certificates with their private keys (.pfx). The client certificates need their private keys on the agent hosts as well: in mutual authentication each side proves possession of the key behind the certificate it presents, so a client certificate without its key cannot be used by the agent. makecert only marks a key as exportable when -pe is given, so if a client certificate must move to another machine, create it with -pe as the server certificates above are.
Each machine must also have the Root CA certificate imported into its Trusted Root Certification Authorities store. Export the Root CA without its private key (.cer); the CA key stays on the machine where it was created. So for each client/server certificate you install on a machine you also install the Root CA certificate: two certificates per machine, the Root CA and the server or client certificate (the DPX host gets three, since it holds both a server and a client certificate).
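The whole procedure above as an added PowerShell example (not LogRhythm's own code): it uses New-SelfSignedCertificate, Microsoft's supported replacement for the deprecated makecert, to create the same seven certificates, exports them in the two forms described above (root as a public-only .cer, servers and clients as .pfx with keys), and adds a check to run on each target host. The host names are the example's; the output directory, PFX password, key sizes, validity periods and the clientAuth EKU on the client certificates are assumptions of this example.

```powershell
# Added example, not LogRhythm's own script: the seven-certificate layout above built with
# New-SelfSignedCertificate (the supported replacement for the deprecated makecert).
# Assumptions: run in an elevated PowerShell on the CA host; host names are the example's;
# the output directory, PFX password, key sizes and validity periods are placeholders.
$ErrorActionPreference = 'Stop'
$outDir = 'C:\LRCerts'
$store  = 'Cert:\LocalMachine\My'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
$pfxPwd = ConvertTo-SecureString -String 'ChangeMe-Placeholder' -AsPlainText -Force

# 1. Root CA. The CA=1 basic constraint and CertSign key usage make it an issuing
#    certificate rather than a plain self-signed leaf.
$rootCa = New-SelfSignedCertificate -Type Custom -Subject 'CN=LogRhythm TEST Root CA' `
    -CertStoreLocation $store -KeyExportPolicy Exportable `
    -KeyAlgorithm RSA -KeyLength 4096 -HashAlgorithm SHA256 `
    -KeyUsageProperty Sign -KeyUsage CertSign, CRLSign, DigitalSignature `
    -TextExtension @('2.5.29.19={critical}{text}CA=1') `
    -NotAfter (Get-Date).AddYears(10)

# 2. Leaf certificates signed by the root. Servers carry the serverAuth EKU that the
#    makecert commands set (-eku 1.3.6.1.5.5.7.3.1); clients carry clientAuth
#    (1.3.6.1.5.5.7.3.2), an assumption here since makecert without -eku leaves it open.
$serverEku = '2.5.29.37={text}1.3.6.1.5.5.7.3.1'
$clientEku = '2.5.29.37={text}1.3.6.1.5.5.7.3.2'

function New-LeafCert([string]$Dns, [string]$Eku) {
    New-SelfSignedCertificate -Type Custom -Subject "CN=$Dns" -DnsName $Dns `
        -CertStoreLocation $store -Signer $rootCa `
        -KeyExportPolicy Exportable -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
        -KeyUsage DigitalSignature, KeyEncipherment `
        -TextExtension @($Eku) -NotAfter (Get-Date).AddYears(2)
}

# 3. Export. The root leaves as a public-only .cer (its private key stays on this host);
#    every server and client certificate leaves as a .pfx that includes its private key.
Export-Certificate -Cert $rootCa -FilePath "$outDir\LogRhythm-TEST-Root-CA.cer" | Out-Null

foreach ($dns in 'LRDPX.logrhythm.com', 'LRAIE.logrhythm.com', 'LRPM.logrhythm.com') {
    $leaf = New-LeafCert -Dns $dns -Eku $serverEku
    $name = $dns.Split('.')[0]
    Export-PfxCertificate -Cert $leaf -FilePath "$outDir\server-$name.pfx" -Password $pfxPwd | Out-Null
}
foreach ($dns in 'LRWINAGNT1.logrhythm.com', 'LRWINAGNT2.logrhythm.com', 'LRDPX.logrhythm.com') {
    $leaf = New-LeafCert -Dns $dns -Eku $clientEku
    $name = $dns.Split('.')[0]
    Export-PfxCertificate -Cert $leaf -FilePath "$outDir\client-$name.pfx" -Password $pfxPwd | Out-Null
}

# 4. On each target host (the CA host included), after copying its .pfx file(s) and the root .cer:
#    Import-Certificate    -FilePath .\LogRhythm-TEST-Root-CA.cer -CertStoreLocation Cert:\LocalMachine\Root
#    Import-PfxCertificate -FilePath .\server-LRDPX.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPwd
#    then confirm each certificate chains to the trusted root and still carries its private key.
function Test-LRCert([string]$Subject) {
    $leaves = Get-ChildItem $store | Where-Object { $_.Subject -eq $Subject }
    if (-not $leaves) { throw "no certificate for $Subject in $store" }
    foreach ($leaf in $leaves) {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # the test CA publishes no CRL
        $built  = $chain.Build($leaf)
        $ekuExt = $leaf.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
        $eku    = if ($ekuExt) { ($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) -join ',' } else { '(none)' }
        [pscustomobject]@{
            Subject       = $leaf.Subject
            Thumbprint    = $leaf.Thumbprint
            HasPrivateKey = $leaf.HasPrivateKey
            ChainsToRoot  = $built
            ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
            EKU           = $eku
        }
    }
}

# On the DPX host this prints two rows for the same subject, one serverAuth and one
# clientAuth, and both must show HasPrivateKey and ChainsToRoot as True.
Test-LRCert 'CN=LRDPX.logrhythm.com' | Format-Table -AutoSize
```

A row with HasPrivateKey False means the certificate was imported from a .cer instead of a .pfx (or the key was never exportable); a ChainsToRoot False with UntrustedRoot in ChainStatus means the root .cer has not been imported into Trusted Root Certification Authorities on that host. Because the two LRDPX certificates share a subject, use the Thumbprint column to tell the server certificate from the client certificate when you reference them.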