15.2.6. Procedure – Uploading decryption keys to the external indexer

Purpose: 

If the audit trails you want to index are encrypted, complete the following steps to make the decryption keys available for the indexer.

Steps: 

  1. Obtain the RSA private keys and the matching X.509 certificates in PKCS-1 PEM format, and copy them to the external indexer's host. Other certificate and key formats are not supported.

  2. Use the indexer-keys-json.py script to transform each certificate and private key into the required JSON format. When executed, the script asks for the path to the certificate, the path to the private key, and the password of the private key. You can convert multiple certificates in one run. Following conversion, the password protection is removed from the key.

    1. In the /opt/external-indexer/usr/bin/ folder, issue the following command:

      python indexer-keys-json.py

    2. Provide the absolute path to the X.509 certificate.

    3. Provide the absolute path to the corresponding private key.

    4. If the key is password protected, enter Y to provide the password.

    5. To add additional certificates, enter Y.

      To finish, enter n.

    The script outputs the conversion result to the terminal.

  3. Add the output to the /opt/external-indexer/etc/indexer/indexer-certs.cfg configuration file.

    The indexer-certs.cfg is a JSON file for the certificates and the private keys used to decrypt the audit trails. Note the following points:

    • All information about the certificate and the private key displayed before the -----BEGIN part must be removed.

    • The x509 and key values must contain the \n line separators after the -----BEGIN CERTIFICATE----- and -----BEGIN RSA PRIVATE KEY----- strings.

    • The x509 and key values must contain the \n line separators before the -----END CERTIFICATE----- and -----END RSA PRIVATE KEY----- strings.

    • After the closing curly brace (}) character, put a comma (,), except for the last entry in the file.

    The following example file contains two certificates and two private keys:

    [
      {
        "x509": "-----BEGIN CERTIFICATE-----\nMIIECTCCA3KgAwIBAgI...QmueGs9bIqncUt7vI=\n-----END CERTIFICATE-----",
        "key": "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQC0Q9Fd6zPVI6DSTlh...PXLPL5VPdo=\n-----END RSA PRIVATE KEY-----"
      },
      {
        "x509": "-----BEGIN CERTIFICATE-----\nMIIECTsdagadgasBAgI...Qmawrefqwegwqc=\n-----END CERTIFICATE-----",
        "key": "-----BEGIN RSA PRIVATE KEY-----\nMIOLASIHDROIE...PXsagwqgegwqe=\n-----END RSA PRIVATE KEY-----"
      }
    ]
  4. Save the file.

    You can now start the indexer service. For more information, see Procedure 15.2.8, Starting the external indexer.
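The following is an added example and is not the product's own indexer-keys-json.py script. It shows, with only the Python standard library, the same transformation the procedure describes: strip everything before the -----BEGIN marker, normalise the block to single \n separators, and emit the JSON array that indexer-certs.cfg expects. It also includes a checker for the four formatting rules listed under step 3 (the comma rule is simply JSON well-formedness). It assumes the private key is already unencrypted; a key that still carries Proc-Type/DEK-Info headers is rejected rather than decrypted, because this example does not replace the password-removal step of the real script. All SAMPLE_* values are constructed placeholders, not real certificates or keys.

```python
import json
import re

# Constructed sample PEM material (not real keys). The textual preamble before
# -----BEGIN mimics what "openssl x509 -text" prints and is exactly the part
# that the indexer-certs.cfg rules say must be removed.
SAMPLE_CERT_PEM = """Certificate:
    Data:
        Version: 3 (0x2)
-----BEGIN CERTIFICATE-----
MIIECTCCA3KgAwIBAgI
QmueGs9bIqncUt7vI=
-----END CERTIFICATE-----
"""

SAMPLE_KEY_PEM = """-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQC0Q9Fd6zPVI6DSTlh
PXLPL5VPdo=
-----END RSA PRIVATE KEY-----
"""

# A still password-protected PKCS#1 key carries these headers inside the block.
SAMPLE_ENCRYPTED_KEY_PEM = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,0123456789ABCDEF0123456789ABCDEF

MIICXAIBAAKBgQC0Q9Fd6zPVI6DSTlh
-----END RSA PRIVATE KEY-----
"""

# One PEM block: label captured so BEGIN and END must agree; DOTALL so the body
# may span lines. Only the first block in the text is used.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S
)


def extract_pem_block(text, expected_label):
    """Return the PEM block with the given label, preamble removed and line
    separators normalised to a single \\n, in the form indexer-certs.cfg wants."""
    match = PEM_BLOCK.search(text)
    if match is None:
        raise ValueError("no PEM block found")
    label, body = match.group(1), match.group(2)
    if label != expected_label:
        # e.g. a PKCS#8 "PRIVATE KEY" block: not the supported PKCS-1 format
        raise ValueError(f"expected {expected_label} block, got {label}")
    lines = [line.strip() for line in body.splitlines() if line.strip()]
    if any(line.startswith(("Proc-Type:", "DEK-Info:")) for line in lines):
        raise ValueError("key is still password protected; remove the password first")
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----"


def build_entry(cert_pem, key_pem):
    """One indexer-certs.cfg entry from a certificate and its private key."""
    return {
        "x509": extract_pem_block(cert_pem, "CERTIFICATE"),
        "key": extract_pem_block(key_pem, "RSA PRIVATE KEY"),
    }


def to_indexer_certs_json(pairs):
    """Serialise (cert_pem, key_pem) pairs as the JSON array of the config file.
    json.dumps writes real newlines as the literal \\n escape, as in the example."""
    return json.dumps([build_entry(cert, key) for cert, key in pairs], indent=2)


def validate_indexer_certs(text):
    """Check the text of an indexer-certs.cfg against the rules of step 3.
    Returns a list of problems; an empty list means the file is acceptable."""
    problems = []
    try:
        entries = json.loads(text)  # catches missing/extra commas and stray preamble
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(entries, list):
        return ["top level must be a JSON array of entries"]
    for index, entry in enumerate(entries):
        for field, label in (("x509", "CERTIFICATE"), ("key", "RSA PRIVATE KEY")):
            value = entry.get(field) if isinstance(entry, dict) else None
            if not isinstance(value, str):
                problems.append(f"entry {index}: missing string field {field}")
                continue
            if not value.startswith(f"-----BEGIN {label}-----\n"):
                problems.append(f"entry {index}: {field} must start with BEGIN {label} followed by \\n")
            if not value.endswith(f"\n-----END {label}-----"):
                problems.append(f"entry {index}: {field} must end with \\n before END {label}")
            if field == "key" and ("Proc-Type:" in value or "DEK-Info:" in value):
                problems.append(f"entry {index}: key is still password protected")
    return problems


if __name__ == "__main__":
    output = to_indexer_certs_json([(SAMPLE_CERT_PEM, SAMPLE_KEY_PEM)])
    print(output)
    print("problems:", validate_indexer_certs(output))
```

Because the resulting file holds private keys without password protection, keep indexer-certs.cfg readable only by the account the indexer service runs as, and treat it with the same care as the original key material.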