Manager verification using SSL
To verify the manager using SSL, you need to create an SSL certificate for the Wazuh manager and sign it with the Certificate Authority (CA) created in the previous section. This allows the agents to verify the identity of the Wazuh manager while they are being registered.
In this example, we are going to create a certificate for a Wazuh manager whose IP address is 192.168.1.2.
Wazuh manager
Follow these steps in the Wazuh server:
Create a configuration file and name it req.conf. You can enter the hostname or the IP address of the Wazuh server where the agents are going to be registered. In this case, the Wazuh server IP is 192.168.1.2. The content of the configuration file could be as follows:

    [req]
    distinguished_name = req_distinguished_name
    req_extensions = req_ext
    prompt = no

    [req_distinguished_name]
    C = US
    CN = 192.168.1.2

    [req_ext]
    subjectAltName = @alt_names

    [alt_names]
    DNS.1 = wazuh
    DNS.2 = wazuh.com

Note: The subjectAltName extension is optional, but it is necessary to allow the registration of Wazuh agents with a SAN certificate. In this case, the Wazuh server DNS names are wazuh and wazuh.com.
Issue and sign a certificate for the manager:

    # openssl req -new -nodes -newkey rsa:4096 -keyout sslmanager.key -out sslmanager.csr -config req.conf
    # openssl x509 -req -days 365 -in sslmanager.csr -CA rootCA.pem -CAkey rootCA.key -out sslmanager.cert -CAcreateserial -extfile req.conf -extensions req_ext

Note: The -extfile and -extensions options are required to copy the extensions (in particular subjectAltName) from the req_ext section into sslmanager.cert; without them, openssl x509 -req signs the subject from sslmanager.csr but drops the requested extensions. Including them allows the registration of Wazuh agents with a SAN certificate.
Copy the newly created certificate and its key to the /var/ossec/etc folder:
# cp sslmanager.cert sslmanager.key /var/ossec/etc
Restart the Wazuh manager:
For Systemd:
# systemctl restart wazuh-manager
For SysV Init:
# service wazuh-manager restart
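Before copying the certificate into place, it is worth confirming that the files produced by the two openssl commands above satisfy what the agent will check during registration: that sslmanager.cert chains to rootCA.pem, that the subject CN and the subjectAltName entries are the ones req.conf asked for, and that sslmanager.key is really the private key for that certificate. The POSIX shell script below is an added example and is not part of the Wazuh documentation. It constructs a throwaway CA (a stand-in for the rootCA.pem and rootCA.key built in the previous section), writes the req.conf shown above, runs the same req and x509 commands (with rsa:2048 instead of rsa:4096 only to keep the demo fast), and exposes each check as a function. The function names, the temporary working directory and the throwaway CA subject are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Wazuh's own code): generate the manager certificate as the guide
# describes, then verify it the way a registering agent will.
set -e

MANAGER_IP="192.168.1.2"   # manager address used throughout the guide

# make_manager_cert DIR: creates rootCA.pem/.key (constructed stand-in CA), req.conf,
# and sslmanager.key/.csr/.cert inside DIR.
make_manager_cert() {
    dir="$1"
    mkdir -p "$dir"

    # Constructed throwaway CA; in a real deployment use the CA from the previous section.
    openssl req -x509 -nodes -newkey rsa:2048 -days 30 -subj "/C=US/CN=Example Wazuh CA" \
        -keyout "$dir/rootCA.key" -out "$dir/rootCA.pem" >/dev/null 2>&1

    # req.conf with the same content as on the page: CN = manager IP, SANs = DNS names.
    cat > "$dir/req.conf" <<EOF
[req]
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[req_distinguished_name]
C = US
CN = ${MANAGER_IP}
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = wazuh
DNS.2 = wazuh.com
EOF

    # The two commands from the guide (rsa:2048 here only to keep the demo fast).
    openssl req -new -nodes -newkey rsa:2048 -keyout "$dir/sslmanager.key" \
        -out "$dir/sslmanager.csr" -config "$dir/req.conf" >/dev/null 2>&1
    openssl x509 -req -days 365 -in "$dir/sslmanager.csr" -CA "$dir/rootCA.pem" \
        -CAkey "$dir/rootCA.key" -out "$dir/sslmanager.cert" -CAcreateserial \
        -extfile "$dir/req.conf" -extensions req_ext >/dev/null 2>&1
}

# cert_chains_to_ca DIR: succeeds if sslmanager.cert verifies against rootCA.pem,
# which is the check the agent performs with the CA file it is given.
cert_chains_to_ca() {
    openssl verify -CAfile "$1/rootCA.pem" "$1/sslmanager.cert" >/dev/null 2>&1
}

# cert_has_san DIR NAME: succeeds if "DNS:NAME" appears in the certificate's SAN list.
# This is what -extfile/-extensions must get right; without them the SAN is absent.
cert_has_san() {
    openssl x509 -in "$1/sslmanager.cert" -noout -text 2>/dev/null | grep -q "DNS:$2"
}

# cert_cn DIR: prints the subject CN of sslmanager.cert (expected to be the manager IP).
cert_cn() {
    openssl x509 -in "$1/sslmanager.cert" -noout -subject -nameopt RFC2253 \
        | sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# key_matches_cert DIR: succeeds if sslmanager.key is the private key for sslmanager.cert
# (compares the public key embedded in each).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1/sslmanager.cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$1/sslmanager.key" -pubout)
    [ "$cert_pub" = "$key_pub" ]
}

# Stand-alone run: sh this_script.sh run
if [ "${1:-}" = "run" ]; then
    work=$(mktemp -d)
    make_manager_cert "$work"
    cert_chains_to_ca "$work" && echo "chain to CA: OK"
    cert_has_san "$work" wazuh.com && echo "SAN wazuh.com: present"
    echo "subject CN: $(cert_cn "$work")"
    key_matches_cert "$work" && echo "key matches certificate: OK"
    echo "files in $work"
fi
```

If cert_has_san fails after a real run, the most likely cause is that the signing command was issued without -extfile req.conf -extensions req_ext; if cert_chains_to_ca fails, the certificate was signed by a different CA than the rootCA.pem that will be shipped to the agents.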
Wazuh agents
Once you have completed the Wazuh manager section, you need to copy the CA file (.pem) to the agent. In this example, the CA file is rootCA.pem. After that, follow these steps to connect the Wazuh agent to the manager: