About Certificates

SUMMARY

Feb 16, 2017

Snare Server

The Snare Server uses a 10 year certificate for the web interface, this can also be regenerated at anytime from within the Snare Server wizard. The certificate used for the TLS log collection has a 2 year expiry on it and can be updated manually by changing the PEM file or it will auto rotate if it expires to a new self signed certificate.

Both options can have the certificate signed by the customers internal Certificate Authority so they can be validated using strict validation for the sending of logs, or web browser interface.

Version 5 Snare Agents

The version 5 Snare Enterprise Agents and Snare Agent Manager v1 use self signed certificates but the customer can change them to use other certificates if they are loaded in the Microsoft Certificate store. The v5 agent self signed certificates are generated with a 5 year expiry on them. This expiry date is viewable from the certificate properties once its selected via the web browser or manually inspect the certificate store.

Version 4 Snare Agents

The v4 agent does not perform strict validation on the TLS option used for sending logs, it will just use the public key as presented by the receiving system.

Resources

More info at:

• Using a CA-signed cert on Snare Central Server

• How to Test Strict Certificate Checking