By default, Log Insight installs a self-signed SSL certificate on the virtual appliance.

The self-signed certificate generates security warnings when you connect to the Log Insight Web user interface. If you do not want to use a self-signed security certificate, you can install a custom SSL certificate. The use of a custom SSL certificate is optional and does not affect the features of Log Insight.

Note

The Log Insight Web user interface and the SSL syslog protocol use the same certificate for authentication.

Verify that your custom SSL certificate meets the following requirements.

The certificate file contains both a valid private key and a valid certificate chain.

The private key is generated by the RSA or the DSA algorithm.

The private key is not encrypted by a pass phrase.

If the certificate is signed by a chain of other certificates, all other certificates are included in the certificate file that you plan to import.

The private key and all the certificates that are included in the certificate file are PEM-encoded. Log Insight does not support DER-encoded certificates and private keys.

The private key and all the certificates that are included in the certificate file are in the PEM format. Log Insight does not support certificates in the PFX, PKCS12, PKCS7, or other formats.

Verify that you concatenate the entire body of each certificate into a single text file in the following order.

a

The Private Key - your_domain_name.key

b

The Primary Certificate - your_domain_name.crt

c

The Intermediate Certificate - DigiCertCA.crt

d

The Root Certificate - TrustedRoot.crt

Verify that you include the beginning and ending tags of each certificate in the following format.

-----BEGIN RSA PRIVATE KEY----- 
(Your Private Key: your_domain_name.key) 
-----END RSA PRIVATE KEY----- 
-----BEGIN CERTIFICATE----- 
(Your Primary SSL certificate: your_domain_name.crt) 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
(Your Intermediate certificate: DigiCertCA.crt) 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
(Your Root certificate: TrustedRoot.crt) 
-----END CERTIFICATE-----

Verify that you are logged in to the Log Insight Web user interface as an Admin user. The URL format is https://log-insight-host, where log-insight-host is the IP address or host name of the Log Insight virtual appliance.

If you use Internet Explorer 9, verify that you have Adobe Flash Player installed on your system.

1

Generate a certificate signing request by using the OpenSSL tool for Windows.

2

Send your certificate signing request to a Certificate Authority of your choice and request a signature.

3

Combine your key and certificate files into a PEM file.

4

Upload your signed certificate by using the Log Insight Web Interface.