Refresh or Replace the Vulnerability Reporter SSL Certificate

Required User Role: Administrator

To update the self-signed SSL certificate used to upload vulnerability reports to Tenable Security Center, do one of the following:

  • Rotate the self-signed SSL certificate, replacing it with a fresh self-signed certificate.

  • Replace the self-signed SSL certificate packaged with Log Correlation Engine with an SSL certificate from your organization.

To rotate the self-signed SSL certificate and replace it with a fresh self-signed certificate:

  1. Log in to Log Correlation Engine via the command line interface (CLI).

  2. In the CLI in Log Correlation Engine, run the following command to refresh the SSL certificate:

    /opt/lce/tools/lce_crypto_utils --generate-creds-vulnReporter -q

    Log Correlation Engine regenerates the SSL certificate locally.

  3. Re-add the Log Correlation Engine to Tenable Security Center, as described in Add a Tenable Log Correlation Engine Server in the Tenable Security Center User Guide.

To replace the SSL certificate used to upload vulnerability reports to Tenable Security Center:

  1. Copy the following files from your CA to /opt/lce/reporter/ssl/.
    • cacert.pem
    • servercert.pem
    • cakey.pem
    • serverkey.pem

      Note: Do not change the certificate file names.

  2. Add the Log Correlation Engine to Tenable Security Center, as described in Add a Tenable Log Correlation Engine Server in the Tenable Security Center User Guide.