Articles in this section

Adding a SSL Certificate to the SkyFormation Trusted Certificates Store

Avatar
Itai Hadayer
  • Updated
Follow

If you're having trouble at any stage please contact us at support@skyformation.com

IMPORTANT NOTE
This guide is for any SkyFormation version 2.1.21 and above. If you are using older version of SkyFormation make sure to upgrade SkyFormation first before running the below procedure.

Preface

SkyFormation platform allows integration with 3rd party systems as LDAP, SIEM and others.

In cases where the 3rd party system requires SSL for the integration (e.g. LDAPS in the LDAP integration) SkyFormation app will try to establish the communication over SSL if configured to do so. To allow SkyFormation app to establish SSL connectivity SkyFormation app must trust the 3rd party SSL certificate in use.

This post explains how to add to the SkyFormation store of trusted certificates the SSL certificate used by the 3rd party system.

The below procedure is needed for the following SkyFormation integrations:

- LDAP integration for identity enrichment (Settings->LDAP integration)

- Configure SkyFormation to use LDAP for authentication

- Send the SkyFormation events using syslog to the external SIEM over SSL

Steps

  1. SSH to your SkyFormation machine
  2. Enter into the SkyFormation tomcat container by running the command: 
    sudo docker container exec -it sk4_sk4_tomcat_1 bash
  3. Export the 3rd party SSL certificate into a base64 encoding file (e.g copy ir into a file named servercert.cer)
  4. Import the exported SSL certificate into the SkyFormation trusted certificates store at:
    %sk4 tomcat%/sk4conf/sk4cacerts. This is done using Java keytool tool.

    Run the following command:

    keytool -import -trustcacerts -keystore /usr/local/tomcat/sk4conf/sk4cacerts -noprompt -storepass changeit -alias "our server cert" -file %servercert.cer% 

    Note
      SkyFormation machine has no keytool installed on it. To run the keytool command you
      would need to copy the SkyFormation trusted certificates store (see above) to another
      machine with keytool command (machine with Java and keytool command in its bin
      folder), do the import step and then replace the SkyFormation trust store with the one you
      imported the certificate to.

  5. exit the SkyFormation tomcat container by pressing
    Ctrl + D
  6. Restart the SkyFormation app by running the command 
    sudo service sk4compose restart

 

Done 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.