
SSL Certificates

ThreatQ performs SSL certificate validation on outgoing connections. At times, an incoming feed (particularly TAXII feeds) or operation may require access to sites whose CA certificates are not in the default bundle shipped with the software packages ThreatQ uses. These certificates must be added to the ThreatQ server for these connections to pass validation.

Unable to Verify SSL Certificate

If you find that a feed or operation is not working and results in an "unable to verify SSL certificate" error, complete the following steps:

  1. Obtain the remote site's CA certificate in PEM format and upload it to the ThreatQ filesystem:
    /etc/pki/ca-trust/source/anchors/

  2. Enable it in the system with the command:
    sudo update-ca-trust extract

  3. Restart the feed ingestion engine:
    sudo systemctl restart threatq-dynamo

 

  1. Copy your certificate to the following location on the host.
    Ubuntu:
    /usr/local/share/ca-certificates

    RHEL:
    /etc/pki/ca-trust/source/anchors/

  2. Access the ThreatQ host command line via SSH or console.
  3. Run the following command:
    Ubuntu:
    sudo update-ca-certificates

    RHEL:
    sudo update-ca-trust

  4. Run the following command to save and apply your changes:
    sudo /usr/local/bin/tqadmin reapply

Contact ThreatQuotient Support for assistance with obtaining or installing needed CA certs, or if you experience problems with SSL connections.  

Configuring Custom SSL Certificates (not self-signed)

You may wish to install your own custom SSL certs to ThreatQ. This can be done according to the standard CentOS Linux instructions, which are included below:

  1. Copy the files to your server:
    scp sslfiles.tar.gz [username]@[server].threatq.com:~

  2. SSH into your server.
  3. Create the following directory if it does not currently exist:
    sudo mkdir -p /etc/httpd/ssl

  4. Copy the sslfiles.tar.gz file to the SSL directory created above:
    sudo cp ~/sslfiles.tar.gz /etc/httpd/ssl/

  5. Navigate to the SSL directory:
    cd /etc/httpd/ssl

  6. Extract the files from the sslfiles.tar.gz file:
    sudo tar xzvf sslfiles.tar.gz

  7. Restrict the permissions for your .crt and .key files:
    sudo chmod 400 yourcert.crt yourkey.key yourca.crt

  8. Open the ssl.conf file in the terminal:
    sudo vi /etc/httpd/conf.d/ssl.conf

  9. Comment out the following lines with a # if they exist:
    #SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    #SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
  10. Add the following lines as appropriate. Include SSLCertificateChainFile only if a certificate chain is required:
    SSLCertificateFile /etc/httpd/ssl/yourcert.crt
    SSLCertificateKeyFile /etc/httpd/ssl/yourkey.key
    SSLCertificateChainFile /etc/httpd/ssl/yourca.crt
  11. Save the file.
  12. Restart Apache:
    sudo systemctl restart httpd
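
Before the Apache restart in step 12, it is worth confirming that the three files agree with each other, because httpd will not start if the private key does not match the certificate. The following is an added example, not part of the ThreatQ documentation: the function name check_tls_files and its return codes are illustrative, and it assumes OpenSSL, GNU stat, and an unencrypted private key.

```shell
#!/bin/sh
# Added example, not ThreatQ code. check_tls_files and its return codes are
# illustrative. Assumes OpenSSL, GNU stat, and an unencrypted private key.
#
# usage:   check_tls_files CERT KEY [CA_CHAIN] [MIN_DAYS_VALID]
# returns: 0 ok, 1 unparsable file, 2 key/cert mismatch, 3 expiring soon,
#          4 chain does not verify, 5 key accessible by group/other
check_tls_files() {
    cert=$1 key=$2 ca=${3:-} min_days=${4:-30}

    # Both files must parse; extract the public key (PEM) from each.
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || return 1

    # The certificate must carry the public half of this private key.
    [ "$cert_pub" = "$key_pub" ] || return 2

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) \
        >/dev/null 2>&1 || return 3

    # Optional: the certificate must verify against the CA file
    # (yourca.crt in step 10), which is assumed to hold the issuing chain.
    if [ -n "$ca" ]; then
        openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 4
    fi

    # Step 7 sets mode 400; flag any group/other permission bits on the key.
    case "$(stat -c %a "$key")" in
        0|[0-7]00) ;;
        *) return 5 ;;
    esac
    return 0
}

# Run directly: sh check_tls.sh yourcert.crt yourkey.key yourca.crt
if [ "$#" -ge 2 ]; then check_tls_files "$@"; exit $?; fi
```

A non-zero return identifies which check failed, so the restart can be skipped until the files are corrected.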

Configuring a Web Server Certificate

The following steps allow you to update the SSL certificate from the default self-signed certificate used for the ThreatQ user interface.

  1. Move your SSL certificate file to a directory on your ThreatQ instance.
  2. Access the ThreatQ host command line via SSH or console.
  3. Run the following command:
    sudo /usr/local/bin/tqadmin configure

    The tqadmin configure command displays a series of prompts.

    To prevent undesired changes to your system, you must enter a response for each prompt based on your current system configuration. For example, if your organization uses ThreatQ Data Exchange's OpenDXL functionality, you must enter "yes" for the "Do you want to enable OpenDXL" prompt.

  4. To use your own SSL certificate for the ThreatQ interface, populate the following:
    Prompt: Do you want to use your own SSL certificate? (yes/no):
    Description: Enter yes.

    Prompt: Enter the file path for your certificate
    Description: Enter the path for your SSL certificate.
    Example: /etc/threatq-certs/mycert.pem

    Prompt: Enter the file path for your private key
    Description: Enter the path for the SSL certificate's private key.
    Example: /etc/threatq-certs/mykey.pem
  5. When prompted, enter your YUM username and password.
  6. Run the following command to save and apply your changes:
    sudo /usr/local/bin/tqadmin reapply