...

    "PEMFile": "TLSServer.pem",
    "PubKeyFile": "TLSServer-Public.pem",
    "PrivKeyFile": "TLSServer-Private.pem",

Installing a certificate in SAM v1.5.2 on Snare Central

The Snare Reflector/Collector can receive events over TLS on port 6163. Snare TLS+Authentication is also supported, on port 6164.

By default, the Collector uses a self-signed certificate for these ports. It is possible, however, to install custom certificates. To do this, upload both the public and private keys to the Snare Central server and place them in the correct directory with the correct permissions and ownership.

Please note that the certificates are used exclusively for the TLS reception port(s) and are not used to access the UI nor as an encryption certificate for any destination.

The Collector can be configured to use separate files for the private and public keys, or a single container file (pem) that holds both. The procedure is very similar in either case:

  1. Stop the Collector with the following command:

    $ sudo /etc/init.d/snare stop

  2. Upload the certificate files and copy them into the correct directory under the correct filenames. Assuming the private and public keys are in separate files named MyTLSCert-Public.pem and MyTLSCert-Private.pem:

    $ sudo cp MyTLSCert-Public.pem /data/SnareConfig/TLSServer-Public.pem
    $ sudo cp MyTLSCert-Private.pem /data/SnareConfig/TLSServer-Private.pem
    $ sudo chown root: /data/SnareConfig/*.pem
    $ sudo chmod 400 /data/SnareConfig/*.pem

  3. ALTERNATIVELY, if your public and private keys are in a single file (MyTLSCert.pem):

    $ sudo cp MyTLSCert.pem /data/SnareConfig/TLSServer.pem
    $ sudo chown root: /data/SnareConfig/*.pem
    $ sudo chmod 400 /data/SnareConfig/*.pem

Note that if both layouts exist in the /data/SnareConfig directory, the separate public/private files take precedence over TLSServer.pem.
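As an added example (not part of the Snare documentation), the procedure above as a POSIX shell function with the checks a practitioner would want before replacing the Collector's certificate: that the private key actually belongs to the certificate, that the certificate is not already expired, and that the installed files end up root-owned and mode 400. SNARE_DIR, SNARE_OWNER and SNARE_INIT are assumed, overridable variables so the function can be exercised in a scratch directory; the file names, ownership and permissions follow the commands on this page.

```shell
#!/bin/sh
# Install a custom TLS certificate for the Snare Collector with pre-flight checks.
# Assumed (not from the page): the directory, owner and init script are overridable.
SNARE_DIR="${SNARE_DIR:-/data/SnareConfig}"
SNARE_OWNER="${SNARE_OWNER:-root}"
SNARE_INIT="${SNARE_INIT:-/etc/init.d/snare}"

# Compare the public key embedded in the certificate with the public key derived
# from the private key; a mismatch means the Collector would load a broken pair.
pair_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Copy one file into place with the ownership and permissions the page requires.
place_file() {
    cp "$1" "$2" && chown "$SNARE_OWNER": "$2" && chmod 400 "$2"
}

# Usage: install_snare_tls <cert.pem> <key.pem>   (separate files)
#        install_snare_tls <combined.pem>         (single container file)
install_snare_tls() {
    if [ $# -eq 2 ]; then
        pair_matches "$1" "$2" || { echo "certificate and key do not match" >&2; return 1; }
        openssl x509 -in "$1" -noout -checkend 0 >/dev/null \
            || { echo "certificate has already expired" >&2; return 1; }
        [ -x "$SNARE_INIT" ] && "$SNARE_INIT" stop
        place_file "$1" "$SNARE_DIR/TLSServer-Public.pem" || return 1
        place_file "$2" "$SNARE_DIR/TLSServer-Private.pem" || return 1
        # Separate files take precedence, so a leftover container file is silently
        # ignored by the Collector; point it out so nobody is misled by it later.
        [ -e "$SNARE_DIR/TLSServer.pem" ] \
            && echo "note: $SNARE_DIR/TLSServer.pem is also present and will be ignored" >&2
    else
        grep -q 'BEGIN CERTIFICATE' "$1" && grep -q 'PRIVATE KEY' "$1" \
            || { echo "$1 must contain both a certificate and a private key" >&2; return 1; }
        [ -x "$SNARE_INIT" ] && "$SNARE_INIT" stop
        place_file "$1" "$SNARE_DIR/TLSServer.pem" || return 1
    fi
    [ -x "$SNARE_INIT" ] && "$SNARE_INIT" start
    return 0
}
```

Run it as root on the Snare Central host (the chown to root and the init script both need it); with SNARE_DIR pointed at a scratch directory it only validates and stages the files.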