Configure TLS/SSL Settings for a Threat Intelligence Director Source

Configure SSL Settings if the host server requires an encrypted connection.

Before you begin

Procedure


Step 1

In the Edit Source dialog box, expand the SSL Settings section.

Step 2

If your server certificate is self-signed:

  1. Enable Self-Signed Certificate.

  2. Choose an SSL Hostname Verification method.

    • Strict: threat intelligence director requires the source URL to match the hostname provided in the server certificate.

      If the hostname includes a wildcard, TID cannot match more than one subdomain.

    • Browser Compatible: threat intelligence director requires the source URL to match the hostname provided in the server certificate.

      If the hostname includes a wildcard, TID matches all subdomains.

    • Allow All: threat intelligence director does not require the source URL to match the hostname provided in the server certificate.

    For example, if subdomain1.subdomain2.cisco.com is your source URL and *.cisco.com is the hostname provided in the server certificate:

    • Strict hostname verification fails.

    • Browser Compatible hostname verification succeeds.

    • Allow All hostname verification ignores the hostname values completely.

  3. For Server Certificate:

    • If you have access to the PEM-encoded self-signed server certificate, open the certificate in a text editor and copy the entire block of text, including the BEGIN CERTIFICATE and END CERTIFICATE lines. Enter this entire string into the field.

    • If you do not have access to the self-signed server certificate, leave the field blank. After you save the source, threat intelligence director retrieves the certificate from the server.

Step 3

If your server requires a user certificate:

  1. Enter a User Certificate:

    Open the PEM-encoded certificate in a text editor and copy the entire block of text, including the BEGIN CERTIFICATE and END CERTIFICATE lines. Enter this entire string into the field.

  2. Enter a User Private Key:

    Open the private key file in a text editor and copy the entire block of text, including the BEGIN RSA PRIVATE KEY and END RSA PRIVATE KEY lines. Enter this entire string into the field.
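The three SSL Hostname Verification modes from Step 2, modelled as an added example (not Cisco's code and not part of the original procedure) that reports the most restrictive mode a given source would pass. It assumes a wildcard appears only as the whole leftmost label of the certificate hostname; the function names and sample sources are constructed for illustration.

```python
from urllib.parse import urlsplit

# Modes named in Step 2, ordered from most to least restrictive.
MODES = ("strict", "browser_compatible", "allow_all")

def _matches(cert_hostname, host, wildcard_spans_dots):
    """Compare a certificate hostname (optionally '*.suffix') with a host."""
    pattern = cert_hostname.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host               # no wildcard: exact match only
    suffix = pattern[1:]                     # "*.cisco.com" -> ".cisco.com"
    if not host.endswith(suffix):
        return False
    covered = host[: -len(suffix)]           # labels the wildcard stands for
    if not covered:
        return False
    # Strict: one subdomain level only. Browser Compatible: any depth.
    return wildcard_spans_dots or "." not in covered

def verify_hostname(mode, source_url, cert_hostname):
    """Return True if `mode` would accept this source URL for this certificate."""
    host = urlsplit(source_url).hostname
    if host is None:
        raise ValueError(f"no hostname in source URL: {source_url!r}")
    if mode == "allow_all":
        return True                          # hostname values are ignored
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode!r}")
    return _matches(cert_hostname, host, mode == "browser_compatible")

def strictest_passing_mode(source_url, cert_hostname):
    """Pick the most restrictive mode that still verifies the source."""
    return next(m for m in MODES if verify_hostname(m, source_url, cert_hostname))

# Constructed sample sources: (source URL, hostname in the server certificate).
SAMPLES = [
    ("https://subdomain1.subdomain2.cisco.com/feed", "*.cisco.com"),
    ("https://feeds.example.com/taxii", "*.example.com"),
    ("https://192.0.2.10/feed", "intel.example.net"),
]

if __name__ == "__main__":
    for url, cert_host in SAMPLES:
        print(f"{url}  cert={cert_host}  ->  {strictest_passing_mode(url, cert_host)}")
```

A result of allow_all means the source URL and the certificate hostname do not match at all, so only the mode that ignores hostname values would accept that source.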


What to do next