Security Certificates
This page lets you generate or select the certificate used by the web server and used to secure the events you send to the destination SIEM.
Certificates and their associated private keys are read from, and generated into, the certificate and private key folders used by OpenSSL on your Linux distribution. The OpenSSL directory can be obtained with the command:
openssl version -d
An example output would be:
OPENSSLDIR: "/usr/lib/ssl"
Web UI HTTPS Certificate. Select the certificate to be used for HTTPS web user interface interactions.
Note: Only certificates with an associated private key will be shown; the webserver requires this private key in order to encrypt the traffic to the browser.
Generate a new Self Signed Certificate. Generated certificates are appended to the list of available certificates. A self-signed certificate may be generated if your site does not have a certificate. Snare shows only those certificates whose private key is also found and is marked as exportable.
Network Destination Certificate Verification. Controls how the chain of trust is verified when connecting to a remote destination server. Select the level of certificate verification:
- Accept Any - Require an SSL/TLS certificate to be presented, but accept the certificate even if the chain of trust cannot be authenticated, or the hostname does not match the presented certificate. This is ideal for self-signed certificates.
- Strict Checking - Require an SSL/TLS certificate to be presented, and have both a valid chain of trust and also a hostname matching the certificate. A hostname must be provided in the associated input field, as an IP address will not work.
Snare Agent Manager Certificate Verification. Controls how the chain of trust is verified when connecting to a remote Snare Agent Management server. Select the level of certificate verification:
- Accept Any - Require an SSL/TLS certificate to be presented, but accept the certificate even if the chain of trust cannot be authenticated, or the hostname does not match the presented certificate. This is ideal for self-signed certificates.
- Strict Checking - Require an SSL/TLS certificate to be presented, and have both a valid chain of trust and also a hostname matching the certificate. A hostname must be provided in the associated input field, as an IP address will not work.
Certificate verification is not supported for UDP or TCP. There will be no validation on these protocols.
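The following shell helpers are an added example, not part of the Snare documentation or product. They check from the command line which certificates have a matching private key (the condition for appearing in the Web UI list) and whether a destination certificate covers the hostname you intend to enter for Strict Checking. The certs/ and private/ subfolders under OPENSSLDIR and all file and host names are assumptions.

```shell
#!/bin/sh
# Added example. Assumption: certificates live in $OPENSSLDIR/certs and
# private keys in $OPENSSLDIR/private (OpenSSL's conventional layout).

# Directory reported by `openssl version -d`, without the label and quotes.
openssl_dir() {
    openssl version -d | sed -n 's/^OPENSSLDIR: "\(.*\)"$/\1/p'
}

# Succeeds only if the private key in $2 belongs to the certificate in $1.
# Both are reduced to their PEM public key and compared. A key protected by
# a passphrase fails to load with the empty passphrase, so it is "no match".
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Print "certificate key" for each certificate under $1/certs whose private
# key is found under $1/private. $1 defaults to the system OPENSSLDIR.
list_usable_certs() {
    dir=${1:-$(openssl_dir)}
    for cert in "$dir"/certs/*.pem "$dir"/certs/*.crt; do
        [ -f "$cert" ] || continue
        for key in "$dir"/private/*; do
            [ -f "$key" ] || continue
            if cert_matches_key "$cert" "$key"; then
                printf '%s %s\n' "$cert" "$key"
                break
            fi
        done
    done
}

# Succeeds if the certificate in $1 is valid for hostname $2, which is the
# name-matching half of Strict Checking (the chain of trust is not checked here).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Usage (constructed names; reading the private folder usually needs root):
#   list_usable_certs
#   cert_covers_host siem.pem siem.example.test && echo "hostname matches"
```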
To save and apply changes to the above settings, and to ensure the audit daemon has received the new configuration, perform the following:
- Click on Submit to save the changes (or click Reset to set the page back to a saved state).
- Click on the Apply Configuration & Restart Service menu item.