Replace Job Manager certificate with a third-party certificate
To replace the Splunk UBA Job Manager certificate with a third-party certificate, complete the following steps on the management node (node 1):
- If UBA is running, stop UBA services using the following command:
/opt/caspida/bin/Caspida stop
- Make a copy of /etc/caspida/conf/jobconf/keystore.jm for backup and place the copy in /home/caspida or another directory of your choosing:
cp /etc/caspida/conf/jobconf/keystore.jm /home/caspida/keystore.jm
- Delete the current certificate stored in the Job Manager keystore:
sudo keytool -delete -alias "jmserver" -keystore /etc/caspida/conf/jobconf/keystore.jm
- Bundle the certificate with the private key of the server into a PKCS#12 file:
openssl pkcs12 -export -in certificate.pem -inkey private_key.pem -name jmserver -out generated_key.p12
Replace
certificate.pem
with the path to the certificate. Replaceprivate_key.pem
with the path to the private key.Export password must be the same as the /etc/caspida/conf/jobconf/keystore.jm password of "password".
- Import the PKCS#12 file into the keystore for Job Manager:
keytool -importkeystore -destkeystore <pre>/etc/caspida/conf/jobconf/keystore.jm -srckeystore generated_key.p12 -srcstoretype PKCS12
When prompted for the password, use "password".
- Confirm that the certificate is imported correctly by reviewing the output of the following command. Look for the information of Issuer/Owner:
sudo keytool -list -v -keystore /etc/caspida/conf/jobconf/keystore.jm
- Sync the cluster:
/opt/caspida/bin/Caspida sync-cluster /etc/caspida/conf/jobconf/
- Restart UBA:
/opt/caspida/bin/Caspida start
Change the IP address of your Docker containers | Send Splunk UBA data to Splunk Enterprise Security |
This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.4.0, 5.4.1
Feedback submitted, thanks!