Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

How to verify a certificate to be used by Cb Response Cloud for SIEM/syslog integration

How to verify a certificate to be used by Cb Response Cloud for SIEM/syslog integration

Carbon Black Response Cloud 6.x

How to verify a certificate to be used by Cb Response Cloud for SIEM/syslog integration.

This should be done prior to providing Cb Cloud Ops with certificate.


To check the certificate handshake with the SIEM server:

From any Linux machine with network connectivity, as root

copy  the certificate to your current working directory

# openssl s_client -connect -CAfile my.siem.crt -msg                  // where is the SIEM IP address

Here is what a successful SSL connection attempt looks like with the same command, on a host with SSL properly configured:

{code}# openssl s_client -connect


depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority

verify return:1

depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA

verify return:1

depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2

verify return:1

depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = *

verify return:1


Certificate chain

0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*

i:/C=US/O=Google Inc/CN=Google Internet Authority G2

1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2

i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA

2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA

i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority


Server certificate


<redacted for brevity>


subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*

issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2


No client certificate CA names sent

Server Temp Key: ECDH, prime256v1, 256 bits


SSL handshake has read 4800 bytes and written 373 bytes


New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256

Server public key is 2048 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE


Protocol : TLSv1.2

Cipher : ECDHE-RSA-AES128-GCM-SHA256

Session-ID: 61C35ECF80C77058C19F3281DFE239C3647469A5EF37DC75A15FB9BF5C7934A4


Master-Key: F9186170D54C3CD9B0C1E56897E982AEAF1644EC0051C614F494FBDFF91C7F20FC72100E4E36B73E339F25B918764967

Key-Arg : None

<redacted for brevity>


An optional way to validate the cert is with this command

# openssl x509 -in certificate.crt -text -noout

Related Content

The Most Common OpenSSL Commands

Was this article helpful? Yes No
No ratings
Article Information
Creation Date: