Skip to main content

Site CollectorSite Collector Administration Guide

Table of Contents

Regenerate certificates for Site Collector Core

The Site Collector Core certificates include Site Collector Core web server certificates, Windows Event Log to Site Collector Core communication certificates, and Syslog default certificates. You need to regenerate certificates for Site Collector Core in the following scenarios:

  • If you change the Site Collector VM IP address or hostname.

  • If the Windows Event Log Collector cannot use certificates from the Exabeam Security Operations Platform user interface to communicate with Site Collector Core.

  • If you want to fix any issues associated with certificates

Run the following script on the Site Collector Core VM to regenerate these certificates.

sudo /opt/exabeam/nifi/nifi_scripts/regenerate_certificate.sh

For Site Collectors version V1.11 and above, if you use the custom installation folder for Site Collector installation, use the following command.

sudo $(sudo cat /etc/ngsc_path_info)/exabeam/nifi/nifi_scripts/regenerate_certificate.sh

Refer to the following example of the script that shows successful certificate generation.

[exabeam@ihor-ngsc-centos-7 ~]$ sudo /opt/exabeam/nifi/nifi_scripts/regenerate_certificate.sh
The existing collectors that use certificates won’t work anymore and you have to redeploy them.
Are you sure you want to regenerate certificates and restart SC? Y/N? y
Support: --tlsv1.2 --tls-max 1.2  
Generating new certificates for NGSC Core
Generate certificates
Hostname: ihor-ngsc-centos-7
IP List: 10.70.2.12,172.17.0.1
Alternative names: localhost,ihor-ngsc-centos-7,10.70.2.12,172.17.0.1,ihor-ngsc-centos-7.c.ngsc-experiments.internal
Creating new certificates
[main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandaloneCommandLine - Using /opt/exabeam/nifi/nifi_conf/nifi.properties as template.
[main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - Running standalone certificate generation with output directory /opt/exabeam/nifi/nifi_conf/ihor-ngsc-centos-7
[main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - Generated new CA certificate /opt/exabeam/nifi/nifi_conf/ihor-ngsc-centos-7/nifi-cert.pem and key /opt/exabeam/nifi/nifi_conf/ihor-ngsc-centos-7/nifi-key.key
[main] WARN org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - Hostname count does not match given alternate name count. Verify names in resulting certificate.
[main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - Writing new ssl configuration to /opt/exabeam/nifi/nifi_conf/ihor-ngsc-centos-7/ihor-ngsc-centos-7
[main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - Successfully generated TLS configuration for ihor-ngsc-centos-7 1 in /opt/exabeam/nifi/nifi_conf/ihor-ngsc-centos-7/ihor-ngsc-centos-7
[main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - Generating new client certificate /opt/exabeam/nifi/nifi_conf/ihor-ngsc-centos-7/CN=ihor-ngsc-centos-7_OU=NIFI.p12
[main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - Successfully generated client certificate /opt/exabeam/nifi/nifi_conf/ihor-ngsc-centos-7/CN=ihor-ngsc-centos-7_OU=NIFI.p12
[main] INFO org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone - tls-toolkit standalone completed successfully
Backing up current certificates
Moving new certificates
Extracting certificates from keystore and truststore
Importing keystore /opt/exabeam/nifi/nifi_conf/truststore.jks to /opt/exabeam/nifi/nifi_conf/truststore.p12...
Entry for alias nifi-cert successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
Importing keystore /opt/exabeam/nifi/nifi_conf/keystore.jks to /opt/exabeam/nifi/nifi_conf/keystore.p12...
Entry for alias nifi-key successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
Preparing certificates archives
  adding: ca.pem (deflated 28%)
  adding: cert.pem (deflated 28%)
  adding: key.pem (deflated 24%)
Preparing copy certificates to GCP bucket
Certificates were generated
Generating new certificates for NGSC Core was completed successfully
Enabling SSL Certificates Upload for NiFi
SSL Certificates Upload completed
Support: --tlsv1.2 --tls-max 1.2  
Stopping NGSC Core
Stop all Exa processors
Checking if NiFi queue is empty
NGSC was stopped successfully
Support: --tlsv1.2 --tls-max 1.2  
Starting NGSC Core
Start all Exa processors
NGSC Core was started successfully

You may look for the following key phrases that indicate that your script has successfully generated the certificates.

SSL Certificates Upload completed
NGSC Core was started successfully

After certificates are regenerated, reinstall the Window Event Log Collector, File Collector, and collectors that use default certificates such as the Syslog Collector and Fortinet Collector.