Installing LogLogic LMI csr Certificate and rootCA Certificate

You can enable secure mode log forwarding and collecting from the LogLogic® Universal Collector appliance to the LogLogic LMI appliance.

Procedure

  1. Generate a Certificate Signing Request (CSR) from the LogLogic LMI appliance.
    1. Using SSH, log in to the LogLogic LMI appliance as the root user:

      ssh root@10.0.25.97 (for example)

    2. Enter the password as logapp.
    3. Run the following command:
      > system secureuldp create csr

      Sample output:

      Generating RSA private key, 1024 bit long modulus
      ....................................++++++
      ............................................................++++++
      e is 65537 (0x10001)
      -----BEGIN CERTIFICATE REQUEST-----
      MIIBZzCB0QIBADAoMREwDwYDVQQKEwhMb2dMb2dpYzETMBEGA1UEAxMKMTAuMC4y
      NS45NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2LxeW8dvdMyT9OzIqZ1w
      kpBVGHwIV5nJC0aUZZ8bkcNAK7PtCVorLhos83PzHzXt3lqDPg/vIwyr6teb/pJc
      l+elByfNnrA1+qdEsEwiPtC4DjdxHcRI4QN+RIfZQ7JmtGYABDZQOZN4NXxOPofc
      SQJJtZBFdgPpvmYHuABO678CAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAAwJwbCW
      FtPCekHpwVJXmo8P3Sj6yTrz5eCY0XyNPS29eVStwATonopUvtFujiduzbrLpbo8
      I+/NpSofGn5uhJl84sXtxHpkoCM8Puf7HHh+GHqWZYiFLiQYBcKV/pKM7IgiF5Nu
      iBfCgESkj0lymEHoiD3xTww0bZcQoSsOPX/Y
      -----END CERTIFICATE REQUEST-----
      >
    4. Copy the CSR from the output to the clipboard.
  2. Login to the UCM appliance and paste in the LogLogic LMI CSR by performing the following steps:
    1. Go to https://10.0.23.215:10443/ExaProtect/ (example).
    2. Login ID and password: superadmin/exaprotect (example)
    3. On the UCM landing page, hover the mouse over Collector Management (upper right) and select “ULDP connections” from the list.
    4. Click the  +| Add button to add a connection.
    5. On the ULDP Connection Creation page, in the * Name field, enter a name for your connection (such as My_CSR).
    6. Under LMI (LX/ST/MX), in the * Address field, enter the URL of the LogLogic LMI appliance to which you wish to connect (example: 10.0.25.97).
    7. In the * Port field, change the default port from 5514 to 5515.
    8. Under Security, select the Authenticate the connection check box.
    9. Under Security, click the Generate the LMI Certificate button.
      The LMI Certificate Signing Request window opens.

      Paste the LogLogic LMI CSR that you copied to your clipboard in step1 d.

    10. Click the Generate the Certificate button.
      The UCM generates a signed LogLogic LMI certificate, as shown in the figure.
      LogLogic LMI Certificate Generated by UCM Appliance
    11. Press Ctrl-C to copy the signed certificate generated by the UCM appliance.
    12. From a command prompt on the LogLogic LMI appliance, run the following command:
      > system secureuldp install certificate

      The system returns the following output:

      Paste certificate:
    13. Paste the LogLogic LMI certificate generated by the UCM appliance (in step 2 k. )
      -----BEGIN CERTIFICATE-----
      MIICTTCCATUCBgEsixyReDANBgkqhkiG9w0BAQUFADAwMRwwGgYKCZImiZPyLGQB
      GQwMZHRfTE9DQUxIT1NUMRAwDgYDVQQDEwdSb290IENBMB4XDTEwMTEyNzAyMTQ1
      NFoXDTE1MTEyNjAyMTQ1NFowKDERMA8GA1UEChMITG9nTG9naWMxEzARBgNVBAMT
      CjEwLjAuMjUuOTcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANi8XlvHb3TM
      k/TsyKmdcJKQVRh8CFeZyQtGlGWfG5HDQCuz7QlaKy4aLPNz8x817d5agz4P7yMM
      q+rXm/6SXJfnpQcnzZ6wNfqnRLBMIj7QuA43cR3ESOEDfkSH2UOyZrRmAAQ2UDmT
      eDV8Tj6H3EkCSbWQRXYD6b5mB7gATuu/AgMBAAEwDQYJKoZIhvcNAQEFBQADggEB
      ACROxYCR3YcuASjm7W4H6W9hKnXCOynKlzAPKtysdZzHUuSbeYVm9nKNakgV/NGC
      MyV01jtOV8sBDh8hcAif4GLyeKhJ7GNSRlSaftMWfCblCE42x8VNRdRpJyXRswgT
      sqbqDfLHqKOMQW/eJ1BHEkBkzQIgoF2n6WHGNOoua17Nz68Q2ELyjn1Nlw4XZI81
      tlnOzekNuktqdwRqL8lzaoHwoeHVIP6aB5rd5RY2O6adOAxkqAcS54T/vsVQDsCX
      mH5ZCtkAXXC1Av9bWVznQIX+lSRsuzjMVSNdwf5HgbfaUjs/03esAgWOhCPfcmcM
      7MMUcwrNIsRl04GWAHletZI=
      -----END CERTIFICATE-----
  3. Install the UCM CA Certificate on the LogLogic LMI appliance by performing the following steps:
    1. Login to the UCM appliance (https://10.0.23.215:10443/ExaProtect/(example).
    2. Login ID and password: superadmin/exaprotect (example)
    3. On the UCM landing page, hover the mouse over Collector Management (upper right) and select “ULDP connections” from the list.
    4. Click the +| Add button.
    5. Click View the UCM CA certificate.
    6. The UCM CA certificate is displayed.
    7. Press Ctrl-C to copy the UCM CA certificate generated by the UCM appliance to your clipboard.
    8. At the command prompt on the LogLogic LMI appliance, run the following command:
      > system secureuldp install rootCA

      The system returns:

      Paste certificate:
    9. Paste the UCM CA certificate generated by the UCM appliance (in step 3 g.)
    10. Type “exit” in the command line of the LogLogic LMI appliance.
  4. Update the LogLogic LMI appliance.
    1. Login to the LogLogic LMI appliance (https://10.0.25.97 - example).
    2. Go to the Administration > System Settings > General tab.
    3. Set the Enable Secure ULDP option to Yes.
    4. Update the Secure ULDP Port field to 5515.
    5. Click the Update button.

Result

Secure-mode log forwarding and collecting from the LogLogic® Universal Collector appliance to the LogLogic LMI appliance is now enabled.