Cisco Cisco Firepower Management Center 4000 Entwickleranleitung
2-5
FireSIGHT System Database Access Guide
Chapter 2 Setting Up Database Access
Installing the Client SSL Certificate
The Database Settings menu appears.
Step 3
Next to
Client JDBC Driver
, click
Download
and follow your browser’s prompts to download the
client.zip
package.
Step 4
Unpack the ZIP package. Note the location.
Make sure you preserve the file structure of the package.
The driver, along with other files, is packaged in a ZIP file (
client.zip
). The package contains the
following directories:
•
bin
, which contains a sample client called RunQuery, as well as the executable files you use to install
the certificate for encrypted communication between your client and the Defense Center
•
lib
, which contains JDBC driver JAR files
•
src
, which contains source code for the executable files in the
bin
directory
Step 5
Continue with the procedure in the next section,
Installing the Client SSL Certificate
Once you have downloaded the JDBC driver, use the Cisco-provided program named InstallCert to
accept and install the SSL certificate from the Defense Center. Your client system and the Defense
Center communicate securely with SSL certificate authentication. When you accept the certificate, your
computer adds it to the keystore (
accept and install the SSL certificate from the Defense Center. Your client system and the Defense
Center communicate securely with SSL certificate authentication. When you accept the certificate, your
computer adds it to the keystore (
jssecacerts
) in the
security
directory of the currently running JRE:
$JAVA_HOME/jre[version]/lib/security
The following represent common locations of the keystore for computers running Microsoft Windows
and UNIX, respectively:
and UNIX, respectively:
•
C:\Program Files\Java\jre[version]\lib\security\jssecacerts
•
/var/jre[version]/lib/security/jssecacerts
Note
If the Java query application you plan to use to access the database access function uses a different JRE,
you must copy the keystore to the
you must copy the keystore to the
security
directory of the other JRE.
To install the SSL certificate using InstallCert:
Step 1
On your computer, open a command line interface.
Step 2
At the command prompt, change to the
bin
directory created when you unpacked the ZIP package.
Step 3
To install the Defense Center’s SSL certificate, type the following and press Enter:
java InstallCert defense_center
where
defense_center
is either the FQDN or the IP address of the Defense Center. InstallCert does
not support IPv6 addresses. If you are on an IPv6 network, you must use a resolvable hostname.
Output similar to the following example from a computer running Microsoft Windows appears:
Loading KeyStore C:\Program Files\Java\jre6\lib\security...
Opening connection to defensecenter.example.com:2000...
Starting SSL handshake...