End-of-Life (EoL)

Create a Private Key and Certificate Signing Request (CSR)

Create a private key and certificate signing request together with troubleshooting issues.
Follow these instructions to create a private key and certificate signing request.
  1. On a SSH session to the Cortex XSOAR server, generate the private certificate by running the following command.
    openssl genrsa -out DemistoPrivateKey.key 2048
    The RSA private key is generated.
  2. Generate the Certificate Signing Request (CSR) by running the following command.
    openssl req -new -sha256 -key DemistoPrivateKey.key -out DemistoPrivateCert.csr
  3. Follow the on-screen instructions.
    The CSR is sent to the certificate signing authority. The CA authority sends the certificate by email in different formats. Use the certificate in X.509 format with the .pem extension.
  4. Replace the existing internal certificate in
    /usr/local/demisto/cert.pem
    and key in
    /usr/local/demisto/cert.key
    with the newly generated private certificate and key.
  5. Restart the Cortex XSOAR server.
    Keep the certificate and key in a place other than
    /usr/local/demisto
    .

Troubleshoot Creating a Private Key and CSR

After the newly generated certificate key pair is copied to
/usr/local/demisto
, if the browser does not show the new certificate, do one or more of the following:
  • Check whether the FQDN specified in the certificate is the same as the FQDN of the Cortex XSOAR server.
  • Check whether there are any other certificates or keys in
    /usr/local/demisto
    , other than the ones generated recently for the Cortex XSOAR server. If so, remove or move them to another folder on the server.
  • On your browser on which you are trying to load Cortex XSOAR, clear cookies and other data. For example, in Chrome, go to
    Settings
    Advanced
    Clear Browsing data
    Clear data
    .
  • If the Cortex XSOAR server is behind a load balancer, re-upload the certificate on the load balancer. For example, if the Cortex XSOAR server is behind the ELB (Elastic Load Balancing), re-import the certificate on ELB (Elastic Load Balancing) on the Amazon Certificate Manager AWS console.

Recommended For You