For SAM to use a custom certificate, first it is required to install the certificate in the Snare central server, once the certificate has been installed, restart SAM so the new certificate can be detected and then go to SAM UI to "Settings"->"General->"Agent HTTPS Certificate" option and choose the certificate from the selection list.
To install the certificate the procedure is as follows:
Given a CA certificate file foo.crt
, follow these steps to install it on Snare Central:
Create a directory for extra CA certificates in
/usr/local/share/ca-certificates
:sudo mkdir /usr/local/share/ca-certificates/SAM
Copy the CA
.crt
file to this directory:sudo cp foo.crt /usr/local/share/ca-certificates/SAM/foo.crt
Let Snare Central add the
.crt
file's path relative to/usr/local/share/ca-certificates
to/etc/ca-certificates.conf
:sudo update-ca-certificates
Restart SAM:
sudo /etc/init.d/snare restart
Go to SAM UI to “Settings” → “General”
Choose the correct certifciate in “Agent HTTPS Certificate”
NOTE: In case of a .pem
file on Snare Central, it must first be converted to a .crt
file:
openssl x509 -in foo.pem -inform PEM -out foo.crt
Or a .cer
file can be converted to a .crt
file:
openssl x509 -inform DER -in foo.cer -out foo.crt