Process: Renewing TLS Certificates on Syslog servers for Firewalls
TLS certificates are valid for a maximum of 397 days and must be renewed annually. A certificate can be renewed any time from 90 days to 1 day before it expires. If it is renewed before expiry, carry over as much of the remaining validity as possible to the renewed certificate, without exceeding the 397-day maximum validity period.
1. Laptop - Download the CSR provided by Redcentric and place it on your laptop's C:\ drive.
2. Jumpbox-prd01 –
2.1 Bastion into Jumpbox-prd01 using your .a credentials.
2.2 Open Run, then enter the UNC path to your laptop's C: drive (e.g. \\w50007126.mccc.mariecurie.local\c$).
2.3 Locate the CSR file and drag and drop it onto the Jumpbox desktop.
2.4 Open WinSCP and connect to the syslog-prd01 server:
IP – 10.213.25.4 (syslog-prd01 private IP)
Credentials – local cybersecurity credentials (located in the Bitwarden Cybersecurity collection)
Port – 22
If there are issues connecting, see the troubleshooting steps below.
2.5 Drag and drop the file to the right-hand pane to upload it to syslog-prd01.
3. syslog-prd01 –
3.1 Bastion into syslog-prd01 using the cybersecurity credentials (located in the Bitwarden Cybersecurity collection).
3.2 Copy the .csr file to /root/certs/2023 (sudo cp <.CSR> /root/certs/2023).
3.3 Run the openssl command to sign the CSR with the local CA (sudo openssl x509 -req -in <.CSR> -CA /root/certs/ca.pem -CAkey /root/certs/ca-key.pem -CAcreateserial -out <.CRT> -days 365 -sha256). Note the flag is -days; openssl rejects -day.
3.4 Copy the resulting .crt file from /root/certs/2023 to /home/cybersecurity so it can be downloaded with the cybersecurity account.
4. jumpbox-prd01 - In WinSCP, refresh the remote pane and copy the CRT file to your laptop (via the same \\laptop\c$ path and drag and drop used earlier).
5. Provide Redcentric the certificate to apply to the firewall.
* Once Redcentric confirms the certificate has been applied successfully, delete the CSR and CRT files from your laptop.
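The signing in step 3.3 is a single openssl call, and it is easy to hand back a certificate that does not verify against the CA, does not match the key in the CSR, or exceeds the 397-day limit. The script below is an added example, not part of this runbook or anything provided by Redcentric: it wraps the runbook's openssl command in a function and adds a check that covers those three conditions before the .crt is copied off syslog-prd01. The file paths and the CA name in the usage line are assumptions and should be changed to match /root/certs on the server.

```shell
#!/bin/sh
# Added example, not part of the original runbook: sign a CSR with the local
# CA (runbook step 3.3) and check the result before it is copied back to the
# laptop. Paths are assumptions; adjust them to match /root/certs on syslog-prd01.
set -eu

MAX_DAYS=397                       # maximum validity stated in the runbook
MAX_SECONDS=$((MAX_DAYS * 86400))

# sign_csr CSR CA_CERT CA_KEY OUT_CRT DAYS
# Same openssl invocation as the runbook, with the flag spelled -days.
sign_csr() {
  openssl x509 -req -in "$1" -CA "$2" -CAkey "$3" -CAcreateserial \
    -out "$4" -days "$5" -sha256 >/dev/null 2>&1
}

# check_cert CRT CA_CERT CSR
# Returns 0 only if the certificate chains to the CA, carries the public key
# from the CSR, and is not valid for more than MAX_DAYS from now.
check_cert() {
  crt=$1; ca=$2; csr=$3
  # 1. chain check: the certificate must verify against the CA we signed with
  if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
    echo "check_cert: $crt does not verify against $ca" >&2
    return 1
  fi
  # 2. key check: the certificate must carry the same public key as the CSR,
  #    otherwise the firewall's private key will not match the certificate
  csr_key=$(openssl req -in "$csr" -noout -pubkey)
  crt_key=$(openssl x509 -in "$crt" -noout -pubkey)
  if [ "$csr_key" != "$crt_key" ]; then
    echo "check_cert: public key in $crt differs from $csr" >&2
    return 1
  fi
  # 3. validity check: -checkend exits 0 when the cert is still valid
  #    MAX_SECONDS from now; for a freshly signed cert (notBefore = now)
  #    that means it was issued for more than MAX_DAYS
  if openssl x509 -in "$crt" -noout -checkend "$MAX_SECONDS" >/dev/null 2>&1; then
    echo "check_cert: $crt is valid for more than $MAX_DAYS days" >&2
    return 1
  fi
  return 0
}

# Usage on syslog-prd01 (assumed file names; run with sudo as in the runbook):
#   sign_csr firewall.csr /root/certs/ca.pem /root/certs/ca-key.pem firewall.crt 365 \
#     && check_cert firewall.crt /root/certs/ca.pem firewall.csr \
#     && cp firewall.crt /home/cybersecurity/
```

Because check_cert returns non-zero on any failure, chaining it with && before the cp in step 3.4 means a bad certificate never reaches /home/cybersecurity, and the reason is printed on stderr.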
Troubleshooting Steps
In Azure, ensure that the Jumpbox IP is allowed by the port 22 (SSH) rule in the syslog-prd01 NSG.