This article provides a step-by-step guide for ArcSight administrators to replace the self-signed certificate used by the ArcSight Manager. This process involves using the managersetup utility to generate a new key pair and restarting the ArcSight services to apply changes.
Steps to Renew the Self-Signed Certificate in ArcSight
1.Execute the Manager Setup Command
Log in to the server where the ArcSight Manager is installed and run the following command:
/opt/arcsight/manager/bin/arcsight managersetupDuring the setup process, you will encounter a prompt asking whether to renew the certificate.
- In the fourth question, select the option to replace the certificate with a new Self-Signed key pair by choosing (1).
Do you want to renew the certificate?
(1) Replace with new Self-Signed key pair3.Confirm Key Pair Creation
In the pop-up window that appears, confirm the creation of the new key pair.
4. Fill in Certificate Fields
Next, fill in the certificate fields as shown in the screenshot below. Ensure that all fields, such as Organization, Location, and Country Code, are entered correctly.
5. Proceed Without Further Changes
Click Next without making additional changes in subsequent steps.
6. Restart the ArcSight Manager Services
Once the setup is complete, restart the ArcSight Manager services for the changes to take effect. Execute the following commands:
/etc/init.d/arcsight_services stop
/etc/init.d/arcsight_services startVerifying the Changes
After the restart, verify that the new self-signed certificate is active. You can use a browser or a tool like openssl to check the certificate details and confirm the validity period.
openssl s_client -connect <manager_host>:8443 | openssl x509 -textSummary
By following the above steps, ArcSight administrators can successfully replace the ArcSight Manager’s self-signed certificate. Regularly renewing certificates is essential to ensure secure communication between ArcSight components and to maintain operational best practices.
The post ArcSight Administrator Guide: Renewing the Self-Signed Certificate appeared first on SOC Prime.
