How to get the SSL cert (pem format) from Minemeld (On Unbuntu)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How to get the SSL cert (pem format) from Minemeld (On Unbuntu)

L1 Bithead

 

 

Hi Guys,

 

I would like to import MM cert into Qradar in order to consume feed from MM. where i can get the SSL cert?

3 REPLIES 3

L5 Sessionator

Hi @Woranon,

 

they are in /etc/nginx

 

[ubuntu@localhost nginx]$ ls /etc/nginx/minemeld.*
/etc/nginx/minemeld.cer  /etc/nginx/minemeld.pem

I recommend you to issue valid certificates instead of trusting the self-signed ones. More info at How to Generate New MineMeld HTTPS Cert

@xhoms

 

For my case, I have SIEM (Qradar Threat Intel app) and try to get the feed from Minemeld which providing the output node in  STIX/TAXII format. As I understand, I need to have the Minemeld cert for TAXII server.  Please correct me if im wrong.

 

I follow this article "https://live.paloaltonetworks.com/t5/MineMeld-Articles/Integrating-MineMeld-with-IBM-QRadar/ta-p/143...

@Woranon,

 

are you using "MineMeld Community edition" or "Autofocus Hosted MineMeld"? In the second case, you just need to import the GoDaddy certificate described in the article you mentioned.

 

In the second case, you must issue a new valid certificate for MineMeld (you can't use the self-signed default one) and import the CA used into QRADAR's trusted CA list. The article I shared with you describes how to replace default self-signed certificates with valid ones.

  • 4775 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!