Re: ISE pxGrid2.0 integration with IBM qRadar

vchrenek · ‎09-26-2018

Hi Team,

I was wondering if there is any ISE certificate requirement for pxGrid2.0 integration with IBM qRadar... I have tried to use default self-signed certificate that doesn't work at all, only certificate signed by internal CA does the trick.

Do we have any documented requirement for certificates? In current documentation, there is not much related to certs...

Many thanks,

Veronika

Timothy Abbott · ‎09-26-2018

The pxGrid certificate is different than a normal web server SSL certificate. In the past, you needed to publish a specific certificate format in MS CA to make pxGrid certificates. We made using certificates with pxGrid much easier beginning with ISE 2.4. ISE's pxGrid controller certificate is sign by the internal CA and we also give you the ability to issue pxGrid certificates right from the ISE UI. While you can still use another certificate authority to sign pxGrid certificates such as MS CA, it is easier and recommended you use the internal CA with ISE for pxGrid certificates.

Regards,
Tim

vchrenek · ‎09-26-2018

Thanks, Timothy.
I understand and agree that internal CA procedure is way more easier, straightforward and recommended way, however from my point of view, there is no reason why self-signed certificate cannot be used for pxGrid purpose (unless there is limitation from qRadar side). I have seen this working in multiple deployments, but cannot make is working for qRadar. What if we already use self-signed certificate for our current pxGrid clients without any problems, but we want to integrate ISE with qRadar and fail because it doesn't allow self-signed certificate?
Thank you!
Veronika