Step 6 Enable Secure Connection

As for LogLogic LMI, two certificates are needed:
  • The root CA can be retrieved from your certificate authority server or from your organization's PKI administrators.
  • A certificate signing request or CSR. To generate the signed certificate, manual steps are required unlike LogLogic® Universal Collector.

Procedure

  1. Login to LogLogic LMI as a root user.
  2. Using the LogLogic CLI, create a Certificate Signing Request:

    system secureuldp create csr

    This generates a private key and the CSR.

    The CSR is the value between the Begin Certificate and End Certificate lines.

  3. If you have already created your CSR and just want to display it again, enter:
    system secureuldp show csr
  4. Copy the CSR and sign the CSR. Once the CA signs the CSR, it will generate a signed certificate.
  5. Install this signed certificate back to the LogLogic LMI appliance by entering:
    system secureuldp install certificate
  6. Paste the certificate in. Ensure that you include the Begin Certificate and End Certificate lines when pasting it in.
  7. Install the root CA certificate which will be the common certificate used for validation between LogLogic LMI and LogLogic® Universal Collector. To do so, enter:
    system secureuldp install rootCA
  8. Paste it in the root CA certificate.
  9. You might need to restart the ULDP collector:
    mtask -s engine_uldpcollector stop ; mtask -s engine_uldpcollector start
  10. Once you have created all the certificates, you must go to Administration > System Settings > General and check the Yes radio button associated with Enable Secure ULDP.

Result

The communication between LogLogic® Universal Collector and LogLogic LMI is now secured.