15.2.6. Procedure – Uploading decryption keys to the external indexer

Purpose: 

If the audit trails you want to index are encrypted, complete the following steps to make the decryption keys available for the indexer.

Steps: 

  1. Obtain the RSA private keys and the matching X.509 certificates in PKCS-1 PEM format, and copy them to the external indexer's host. Other certificate formats are not supported.

  2. Use the indexer-keys-json utility to transform the certificate and the private key to the required JSON format. When executed, the script asks for the path to the certificate and the private key, and the password of the private key. After the conversion, the password is removed from the private key.

    The utility automatically adds the certificate and the private key to the /opt/external-indexer/etc/indexer/indexer-certs.cfg keystore file. If you want to use a different keystore file, use the --keystore argument to specify another file. If the keystore already includes the certificate and the private key you want to add, they will be ignored.

    1. In the /opt/external-indexer/usr/bin/ folder, issue the following command: indexer-keys-json

    2. Enter the absolute path to the X.509 certificate. Alternatively, you can include this information as a parameter: indexer-keys-json --cert <path-to-certificate>

    3. Provide the absolute path to the corresponding private key. Alternatively, you can include this information as a parameter: indexer-keys-json --private-key <path-to-private-key>

    4. If the key is password protected, enter the password to the private key.

    5. To add additional certificates, re-run the indexer-keys-json command.

  3. You can now start the indexer service. For more information, see Procedure 15.2.8, Starting the external indexer.
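
The shell functions below are an added example, not part of the product or its documentation. They check before step 2 that the certificate is PEM and the key is PKCS-1 PEM, and afterwards that the keystore, which holds keys with the password removed, grants nothing to group or other users. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks around indexer-keys-json (not vendor code).

# Print the private-key encoding, judged by its PEM label.
key_format() {
    if grep -q '^-----BEGIN RSA PRIVATE KEY-----' "$1" 2>/dev/null; then
        # PKCS#1; a password-protected key carries a Proc-Type header.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then echo pkcs1-encrypted
        else echo pkcs1; fi
    elif grep -Eq '^-----BEGIN (ENCRYPTED )?PRIVATE KEY-----' "$1" 2>/dev/null; then
        echo pkcs8
    else
        echo unsupported    # DER, PKCS#12, or not a key at all
    fi
}

# Succeed only if the certificate is PEM and the key is PKCS#1 PEM (step 1).
preflight() {
    grep -q '^-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null ||
        { echo "not a PEM certificate: $1" >&2; return 1; }
    case $(key_format "$2") in
        pkcs1|pkcs1-encrypted) return 0 ;;
        *) echo "key is $(key_format "$2"), need PKCS#1 PEM: $2" >&2; return 1 ;;
    esac
}

# The keystore holds keys with the password removed, so succeed only if
# group and others have no permission bits on it.
keystore_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed placeholder files (labels only, no real key material).
make_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$1/cert.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        '' 'Q09OU1RSVUNURUQ=' '-----END RSA PRIVATE KEY-----' > "$1/pkcs1.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' > "$1/pkcs8.pem"
    printf '{}\n' > "$1/indexer-certs.cfg"; chmod 644 "$1/indexer-certs.cfg"
}

demo=$(mktemp -d) && make_samples "$demo"
preflight "$demo/cert.pem" "$demo/pkcs1.pem" && echo "pkcs1.pem: ok to convert"
preflight "$demo/cert.pem" "$demo/pkcs8.pem" || echo "pkcs8.pem: rejected"
keystore_is_private "$demo/indexer-certs.cfg" || echo "keystore readable by others"
rm -rf "$demo"
```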