If you're having trouble at any stage please contact us at email@example.com.
The SkyFormation platform integrates with 3rd party systems such as LDAP, SIEM and others.
When a 3rd party system requires SSL for the integration (e.g. LDAPS in the LDAP integration), the SkyFormation app will try to establish the connection over SSL if configured to do so. For the SSL connection to succeed, the SkyFormation app must trust the SSL certificate used by the 3rd party system.
This post explains how to add the SSL certificate used by the 3rd party system to the SkyFormation store of trusted certificates.
The procedure below is needed for the following SkyFormation integrations:
- LDAP integration for identity enrichment (Settings->LDAP integration)
- Configure SkyFormation to use LDAP for authentication
- Send the SkyFormation events using syslog to the external SIEM over SSL

- SSH to your SkyFormation machine
- Enter the SkyFormation tomcat container by running the command
sudo docker container exec -it sk4_sk4_tomcat_1 bash
- Export the 3rd party SSL certificate into a base64 or DER encoded file (e.g. servercert.cer)
- Import the exported SSL certificate into the SkyFormation trusted certificates store at:
Using the Java keytool for the import, you will need to run:
keytool -import -trustcacerts -keystore /usr/local/tomcat/sk4conf/sk4cacerts -noprompt -storepass changeit -alias "our server cert" -file servercert.cer
The SkyFormation machine has no keytool installed on it. To run the keytool command you need to copy the SkyFormation trusted certificates store (see above) to another machine that has the keytool command (a machine with Java and the keytool command in its bin folder), do the import step there, and then replace the SkyFormation trust store with the one you imported the certificate into.
- Exit the SkyFormation tomcat container by pressing
Ctrl + D
- Restart the SkyFormation app by running the command
sudo service sk4compose restart
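
The import step above, wrapped with the checks worth doing before a trust store is changed. This is an added example, not SkyFormation's own tooling. It is meant to run on the machine that has keytool, against a copy of sk4cacerts, and the function names and script layout are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example: import a certificate into a COPY of the sk4cacerts trust store.
# Function names are hypothetical; keytool must be on PATH for import_cert.

# Classify a certificate file as "pem" (base64), "der" or "unknown".
cert_encoding() {
  local f="$1"
  if grep -q -e '-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null; then
    echo pem
  elif [ "$(head -c 1 "$f" | od -An -tx1 | tr -d ' \n')" = "30" ]; then
    echo der   # DER data starts with an ASN.1 SEQUENCE tag (0x30)
  else
    echo unknown
  fi
}

# Keep a timestamped backup so the previous trust store can be restored.
backup_store() {
  local store="$1" backup
  backup="$store.bak.$(date +%Y%m%d%H%M%S)"
  cp -p "$store" "$backup" && echo "$backup"
}

# Import <cert> into <store> under <alias>; store password defaults to the page's value.
import_cert() {
  local store="$1" cert="$2" alias="$3" pass="${4:-changeit}"
  case "$(cert_encoding "$cert")" in
    pem|der) ;;
    *) echo "refusing to import: $cert is not a PEM or DER certificate" >&2; return 2 ;;
  esac
  # Print subject, issuer and fingerprints for comparison with the 3rd party system.
  keytool -printcert -file "$cert" || return 3
  backup_store "$store" >/dev/null || return 4
  keytool -import -trustcacerts -keystore "$store" -storepass "$pass" \
          -noprompt -alias "$alias" -file "$cert" || return 5
  # Confirm the alias is now present in the trust store.
  keytool -list -keystore "$store" -storepass "$pass" -alias "$alias"
}

# Run only when called as: import_cert.sh <store> <cert> <alias> [storepass]
if [ "$#" -ge 3 ]; then import_cert "$@"; fi
```

Because the command uses -noprompt, keytool does not ask for confirmation, so the printed fingerprint is the only point at which the certificate is shown before it becomes trusted.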