Installing LogLogic LMI csr certificate and rootCA certificate

You can enable secure mode log forwarding and collecting from the LogLogic^® Universal Collector appliance to the LogLogic LMI appliance.

1. Generate a Certificate Signing Request (CSR) from the LogLogic LMI appliance.
   1. ssh log on to LogLogic LMI appliance as:

      ssh root@10.0.25.97 (for example)

   2. Enter password “logapp“ to access the CLI for LogLogic LMI.
   3. Enter the following command:
      > system secureuldp create csr

      Returns (example):

      Generating RSA private key, 1024 bit long modulus
      ....................................++++++
      ............................................................++++++
      e is 65537 (0x10001)
      -----BEGIN CERTIFICATE REQUEST-----
      MIIBZzCB0QIBADAoMREwDwYDVQQKEwhMb2dMb2dpYzETMBEGA1UEAxMKMTAuMC4y
      NS45NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2LxeW8dvdMyT9OzIqZ1w
      kpBVGHwIV5nJC0aUZZ8bkcNAK7PtCVorLhos83PzHzXt3lqDPg/vIwyr6teb/pJc
      l+elByfNnrA1+qdEsEwiPtC4DjdxHcRI4QN+RIfZQ7JmtGYABDZQOZN4NXxOPofc
      SQJJtZBFdgPpvmYHuABO678CAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAAwJwbCW
      FtPCekHpwVJXmo8P3Sj6yTrz5eCY0XyNPS29eVStwATonopUvtFujiduzbrLpbo8
      I+/NpSofGn5uhJl84sXtxHpkoCM8Puf7HHh+GHqWZYiFLiQYBcKV/pKM7IgiF5Nu
      iBfCgESkj0lymEHoiD3xTww0bZcQoSsOPX/Y
      -----END CERTIFICATE REQUEST-----
      >

   4. Copy the csr returned (earlier) to your clipboard.
2. Login to the UCM appliance and paste in the LogLogic LMI csr, following these steps:
   1. Go to https://10.0.23.215:10443/ExaProtect/(example).
   2. Login id and password: superadmin/exaprotect (example)
   3. On the UCM landing page, mouse over Collector Management (upper right) and select “ULDP connections” from the drop-down menu.
   4. Click the  +| Add button to add a connection.
   5. On the ULDP Connection Creation page, enter a name for your connection (such as My_CSR) in the * Name field.
   6. Under LMI (LX/ST/MX) in the * Address field, enter the URL of the LogLogic appliance to which you wish to connect (example: 10.0.25.97).
   7. In the * Port field, change the default port from 5514 to 5515.
   8. Under Security, select Authenticate the connection check box.
   9. Under Security, click the Generate the LMI Certificate button.

      An LMI Certificate Signing Request window opens.

      Paste in the LogLogic LMI csr you copied to your clipboard in step 1. step c above.

   10. Click Generate the Certificate button.

       The UCM generates a signed LogLogic LMI certificate, as shown in the figure below.

       LogLogic LMI Certificate Generated by UCM Appliance

       
   11. Press Ctrl-C to copy the signed certificate generated by the UCM appliance.
   12. At the command prompt on the LogLogic LMI appliance, enter the following command:
        > system secureuldp install certificate

       System returns:

        Paste certificate:
   13. Paste in the LogLogic LMI certificate generated by the UCM appliance (in Step 2. k. )

       -----BEGIN CERTIFICATE-----
       MIICTTCCATUCBgEsixyReDANBgkqhkiG9w0BAQUFADAwMRwwGgYKCZImiZPyLGQB
       GQwMZHRfTE9DQUxIT1NUMRAwDgYDVQQDEwdSb290IENBMB4XDTEwMTEyNzAyMTQ1
       NFoXDTE1MTEyNjAyMTQ1NFowKDERMA8GA1UEChMITG9nTG9naWMxEzARBgNVBAMT
       CjEwLjAuMjUuOTcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANi8XlvHb3TM
       k/TsyKmdcJKQVRh8CFeZyQtGlGWfG5HDQCuz7QlaKy4aLPNz8x817d5agz4P7yMM
       q+rXm/6SXJfnpQcnzZ6wNfqnRLBMIj7QuA43cR3ESOEDfkSH2UOyZrRmAAQ2UDmT
       eDV8Tj6H3EkCSbWQRXYD6b5mB7gATuu/AgMBAAEwDQYJKoZIhvcNAQEFBQADggEB
       ACROxYCR3YcuASjm7W4H6W9hKnXCOynKlzAPKtysdZzHUuSbeYVm9nKNakgV/NGC
       MyV01jtOV8sBDh8hcAif4GLyeKhJ7GNSRlSaftMWfCblCE42x8VNRdRpJyXRswgT
       sqbqDfLHqKOMQW/eJ1BHEkBkzQIgoF2n6WHGNOoua17Nz68Q2ELyjn1Nlw4XZI81
       tlnOzekNuktqdwRqL8lzaoHwoeHVIP6aB5rd5RY2O6adOAxkqAcS54T/vsVQDsCX
       mH5ZCtkAXXC1Av9bWVznQIX+lSRsuzjMVSNdwf5HgbfaUjs/03esAgWOhCPfcmcM
       7MMUcwrNIsRl04GWAHletZI=
       -----END CERTIFICATE-----

3. Install the UCM CA Certificate on the LogLogic LMI appliance by following these steps:
   1. Login to the UCM appliance (https://10.0.23.215:10443/ExaProtect/(example).
   2. Login id and password: superadmin/exaprotect (example)
   3. On the UCM landing page, mouse over Collector Management (upper right) and select “ULDP connections” from the drop-down menu.
   4. Click the  +| Add button.
   5. Click “View the UCM CA certificate”.
   6. The UCM CA certificate is displayed.
   7. Press Ctrl-C to copy the UCM CA certificate generated by the UCM appliance to your clipboard.
   8. At the command prompt on the LogLogic LMI appliance, enter the following command:
      > system secureuldp install rootCA

      System returns:

      Paste certificate:
   9. Paste in the UCM CA certificate generated by the UCM appliance (in Step 3. e.)
   10. Type “exit” in the command line of the LogLogic LMI appliance.
4. Update the LogLogic LMI appliance.
   1. Login to the LogLogic LMI appliance (https://10.0.25.97 - example).
   2. Go to Administration > System Settings page, General tab.
   3. Set the “Enable Secure ULDP” radio button to Yes.
   4. Update the “Secure ULDP Port” to “5515”.
   5. Click the Update button.

Copyright © Cloud Software Group, Inc. All rights reserved.