Encrypting traffic between the database and the agents is generally not necessary when utilizing the collector service, introduced in EventSentry v3.2.
First, install OpenSSL from http://slproweb.com/products/Win32OpenSSL.html in order to create the required certificates.
Open the command prompt as an administrator (Run as administrator) and navigate to the OpenSSL directory (c:\OpenSSL-Win32 by default):
1. Set the environment variable for OPENSSL_CONF:
set OPENSSL_CONF=c:\OpenSSL-Win32\bin\openssl.cfg
2. Generate a CA certificate:
openssl genrsa 2048 > ca-key.pem
openssl req -sha256 -new -x509 -nodes -days 3650 -key ca-key.pem -out ca-cert.pem
3. Generate a server certificate:
openssl req -sha256 -newkey rsa:2048 -days 3650 -nodes -keyout server-key.pem -out server-req.pem
openssl x509 -sha256 -req -in server-req.pem -days 3650 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
openssl rsa -in server-key.pem -out server-key.pem
4. Generate a client certificate:
openssl req -sha256 -newkey rsa:2048 -days 3650 -nodes -keyout client-key.pem -out client-req.pem
openssl x509 -sha256 -req -in client-req.pem -days 3650 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 -out client-cert.pem
openssl rsa -in client-key.pem -out client-key.pem
5. Convert and move the generated files to the PostgreSQL data directory:
openssl x509 -outform pem -in ca-cert.pem -out root.crt
openssl rsa -in server-key.pem -out server.key
openssl x509 -outform pem -in server-cert.pem -out server.crt
copy root.crt "C:\Program Files (x86)\EventSentry\data96\root.crt"
copy server.key "C:\Program Files (x86)\EventSentry\data96\server.key"
copy server.crt "C:\Program Files (x86)\EventSentry\data96\server.crt"
On EventSentry v3.2 and earlier, the data directory of the built-in PostgreSQL database is just named "data", e.g. C:\Program Files (x86)\EventSentry\data.
6. Edit postgresql.conf
Location: C:\Program Files (x86)\EventSentry\data96\postgresql.conf
7. Set "ssl = on" and uncomment the line.
Location: Line 80
8. Save postgresql.conf
9. Restart the EventSentry Database service
10. Open the EventSentry Management Console, expand "Actions" and click "Primary Database"
11. Click "Create ..." next to your connection string.
12. Select "Use SSL" and verify the rest of the data before clicking "Ok"
13. Verify your connection string contains "sslmode=require"
14. Click "Test" and verify the test entry was successfully written to the database.
15. Save the configuration in EventSentry Management Console
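A check to run before restarting the database service in step 9, as an added example that is not part of the original article or of EventSentry's own tooling: it confirms that the files copied in step 5 exist, that server.crt chains to root.crt, that server.key belongs to server.crt, and that postgresql.conf effectively sets ssl to on. It assumes openssl.exe is on PATH; the script and its $DataDir parameter are hypothetical names.

```powershell
# Added example, not EventSentry code. Assumes openssl.exe is on PATH and the
# data96 directory used on this page (use ...\data on v3.2 and earlier).
param([string]$DataDir = 'C:\Program Files (x86)\EventSentry\data96')
$ErrorActionPreference = 'Stop'

$crt  = Join-Path $DataDir 'server.crt'
$key  = Join-Path $DataDir 'server.key'
$ca   = Join-Path $DataDir 'root.crt'
$conf = Join-Path $DataDir 'postgresql.conf'

# Step 5: every copied file must be present.
foreach ($f in $crt, $key, $ca, $conf) {
    if (-not (Test-Path -LiteralPath $f -PathType Leaf)) { throw "Missing file: $f" }
}

# server.crt must have been signed by the CA stored as root.crt.
& openssl verify -CAfile $ca $crt | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'server.crt does not verify against root.crt' }

# server.key must be the private key of server.crt: the RSA moduli must be equal.
$crtMod = & openssl x509 -noout -modulus -in $crt
$keyMod = & openssl rsa -noout -modulus -in $key
if (-not $crtMod -or $crtMod -ne $keyMod) { throw 'server.key does not match server.crt' }

# Step 7: the last uncommented "ssl" line in postgresql.conf decides; it must be on.
# Lines such as "#ssl = off" or "ssl_cert_file = ..." do not match this pattern.
$ssl = Get-Content -LiteralPath $conf |
    ForEach-Object { if ($_ -match "^\s*ssl(\s*=\s*|\s+)'?(\w+)") { $Matches[2] } } |
    Select-Object -Last 1
if ($ssl -notin 'on', 'true', 'yes', '1') {
    throw "ssl is not enabled in postgresql.conf (effective value: '$ssl')"
}

'OK: certificate chain, key match and ssl = on verified'
```

Run it from an elevated PowerShell prompt so that server.key in the data directory is readable.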