Stealthwatch: Self Generate Cert vs. CA cert

KelvinT — Thu, 10 Sep 2020 20:00:49 GMT

Hello,

Is it best/common practice to install a customized certificate for stealtwatch SMC or is it recommended to use the original self generated certificate? There isn't much documentation on this topic. I tried to use a CA cert in the lab and it was a royal pain.

Thanks

Re: Stealthwatch: Self Generate Cert vs. CA cert

Marvin Rhoads — Sat, 12 Sep 2020 02:57:07 GMT

It's more of a preference and policy issue than it is anything to do with the StealthWatch functionality.

Some organizations take the approach that anything that is secured with a certificate should have a proper one signed by a trusted CA. However others say that since the only people interacting with the SMC are qualified security practitioners they know that accepting the self signed certificate is not a security risk in this case.

I lean towards the former camp but it does mean we have to increase our skills with certificates and CAs. Vendors could certainly do a better job at making it easier. I have at least a dozen very different methods for dealing with certificates just among the Cisco products I use. If I spend half a day wrestling with certificate configuration, that's half a day I'm not dealing with actual security issues.

topic Stealthwatch: Self Generate Cert vs. CA cert in Network Security

Stealthwatch: Self Generate Cert vs. CA cert

Re: Stealthwatch: Self Generate Cert vs. CA cert