Refresh or Replace the Vulnerability Reporter SSL Certificate
Required User Role: Administrator
To update the self-signed SSL certificate used to upload vulnerability reports to Tenable Security Center, do one of the following:
-
Rotate the self-signed SSL certificate, replacing it with a fresh self-signed certificate.
-
Replace the self-signed SSL certificate packaged with Log Correlation Engine with an SSL certificate from your organization.
To rotate the self-signed SSL certificate and replace it with a fresh self-signed certificate:
-
Log in to Log Correlation Engine via the command line interface (CLI).
-
In the CLI in Log Correlation Engine, run the following command to refresh the SSL certificate:
/opt/lce/tools/lce_crypto_utils --generate-creds-vulnReporter -qLog Correlation Engine regenerates the SSL certificate locally.
-
Re-add the Log Correlation Engine to Tenable Security Center, as described in Add a Tenable Log Correlation Engine Server in the Tenable Security Center User Guide.
To replace the SSL certificate used to upload vulnerability reports to Tenable Security Center:
- Copy the following files from your CA to
/opt/lce/reporter/ssl/.- cacert.pem
- servercert.pem
- cakey.pem
serverkey.pem
Note: Do not change the certificate file names.
-
Add the Log Correlation Engine to Tenable Security Center, as described in Add a Tenable Log Correlation Engine Server in the Tenable Security Center User Guide.