Moogsoft Docs

Configuring SSL in VRealize Log Insight

To configue SSL in vRealize Log Insight:

  1. Create a folder at a location of your choice to save your certificate files, for example /opt/ssl

  2. Open a command prompt and run the following command.

    openssl req -x509 -nodes -newkey 2048 -keyout server.key -out server.crt -days 3650

    OpenSSL prompts you to supply certificate properties, including country, organization, and so on. Enter the exact IP address or hostname of your vRealize Log Insight server, or the vRealize Log Insight cluster address if load balancing is enabled in the questions asked. This property is the only one for which it is mandatory to specify a value. Two files are created, key.pm and cert.pm .

  3. Combine your key and certificate files into a PEM file, for this c reate a new server.pem file and open it in a text editor.

  4. Copy the contents of your server.key file and paste it in server.pem using the following format.

    -----BEGIN RSA PRIVATE KEY----- 
    (Your Private Key: server.key) 
    -----END RSA PRIVATE KEY-----
  5. Copy the contents of your server.crt file and paste it in server.pem using the following format.

    -----BEGIN CERTIFICATE----- 
      (Your Primary SSL certificate: server.crt)
    -----END CERTIFICATE-----  
  6. If the Certificate Authorities provided you with an intermediate or chained certificate, append the intermediate or chained certificates to the end of the public certificate file in the following format. Otherwise don't append it

    -----BEGIN RSA PRIVATE KEY----- 
    (Your Private Key: server.key) 
    -----END RSA PRIVATE KEY----- 
    -----BEGIN CERTIFICATE----- 
    (Your Primary SSL certificate: server.crt) 
    -----END CERTIFICATE----- 
    -----BEGIN CERTIFICATE----- 
    (Your Intermediate certificate: DigiCertCA.crt) 
    -----END CERTIFICATE----- 
    -----BEGIN CERTIFICATE----- 
    (Your Root certificate: TrustedRoot.crt) 
    -----END CERTIFICATE-----
  7. Save your server.pem file.

  8. Run the following command to generate client authentication certificates. This step is to be followed only if client authentication is enabled.

    openssl req -x509 -nodes -newkey 2048 -keyout client.key -out client.crt -days 3650

    Two files are created, key.pm and cert.pm .

  9. Open the vRealize Log Insight Console. Enter the user name and password for logging into the console.
  10. Click the configuration drop-down menu icon and select Administration .

  11. Under Configuration , click SSL .

  12. Click on Choose File , then browse to your custom SSL certificate, i.e. the server.pem certificate created above, and click Open .
  13. Click Save .
  14. Restart vRealize Log Insight.
  15. Copy all the certificates generated above to the machine where the LAM is running
  16. Navigate to the conf directory of the Moogsoft AIOps i.e. $Moogsoft_HOME/conf .
  17. Open the vrealize_loginsight_lam.conf file and enter the following details:
    • Set Enable SSL to true.
    • Enter the path of the directory where all the certificates generated in the above steps are copied to, e.g. "/usr/local/ssl" in the path_to_ssl_files.

    • Enter the certificate "server.crt"  in the server_cert_filename field . The cert file should be present in the directory given in path_to_ssl_files field.

    • Set use_client_authentication to true here if you want client authentication, otherwise set it to false. By default, it is set to false. If it is set to true, then the values are to be entered in the client_key_filename and the client_cert_filename fields.

    • Enter the name of the key file in client_key_filename , e.g. "client.key".  The key file should be present in the directory given in path_to_ssl_files field.

    • Enter the name of the certificate file in client_cert_filename , e.g. "client.crt". The cert file should be present in the directory given in path_to_ssl_files field.

The SSL in configured for both vRealize Log Insight and the LAM.