For SAM to use a custom certificate, first it is required to install the certificate in the Snare central server, once the certificate has been installed, restart SAM so the new certificate can be detected and then go to SAM UI to "Settings"->"General->"Agent HTTPS Certificate" option and choose the certificate from the selection list.
To install the certificate the procedure is as follows:
Given a CA certificate file foo.crt, follow these steps to install it on Snare Central:
Create a directory for extra CA certificates in
/usr/local/share/ca-certificates:sudo mkdir /usr/local/share/ca-certificates/SAM
Copy the CA
.crtfile to this directory:sudo cp foo.crt /usr/local/share/ca-certificates/SAM/foo.crt
Let Snare Central add the
.crtfile's path relative to/usr/local/share/ca-certificatesto/etc/ca-certificates.conf:sudo update-ca-certificates
Restart SAM:
sudo /etc/init.d/snare restart
Go to SAM UI to “Settings” → “General”
Choose the correct certifciate in “Agent HTTPS Certificate”
NOTE: In case of a .pem file on Snare Central, it must first be converted to a .crt file:
openssl x509 -in foo.pem -inform PEM -out foo.crt
Or a .cer file can be converted to a .crt file:
openssl x509 -inform DER -in foo.cer -out foo.crt