Skip to main content

Integrations

Add Illumio PCE SSL Certificates in QRadar

The Illumio app collects labels with SSL verification. If PCE contains self-signed or internal CA certificates, then you need to perform the following steps to add certificates in QRadar.

  1. Log into your QRadar console.

  2. Go to the Admin panel and open the Configuration page.

  3. From the configuration window of the Illumio app, copy the app id from the URL. The app id is the number after /console/plugins/. For example, if the URL is https://1.1.1.1/console/plugins/1062/app_proxy/index, you would copy 1062.

  4. Perform the docker ps command on your QRadar instance using SSH.

  5. Find the Container id of the Illumio App. (The container id for the Illumio app is an image column containing a previously copied number, such as ...qapp-1062...)

  6. Perform the docker exec -it <container-id> /bin/bash command (to go inside Docker).

  7. Perform the following steps inside the Docker container of the Illumio v1.4.0 app:

    1. Copy or move the certificate file of the Illumio app from root to /etc/pki/ca-trust/source/anchors.

    2. Run the commands listed in Using certificates that are signed by an internal certificate authority.

      /opt/qradar/support/all_servers.sh -p /etc/pki/ca-trust/source/anchors/<root_certificate> -r /etc/pki/ca-trust-source/anchors

      /opt/qradar/support/all_servers.sh -C update-ca-trust

    3. Restart the Docker container of the app.

Note

When you reinstall the app or the Docker container of the Illumio App gets restarted, these changes may be reverted. If that occurs, you need to perform these steps again.