How to import a certificate to the Sharepoint or Exchange crawler
Last Updated June 22, 2011
How can I import a certificate into the Sharepoint or Exchange crawler ?
SharePoint and Exchange crawlers by default does not validate server SSL certificates in case of HTTPS connection. To enable validation, modify the value of advanced server setting "Discover.ValidateSSLCertificates" to true. When enabled, scanning SharePoint/Exchange servers using Self signed or untrusted certificates fails with suitable error message. If the SharePoint web application or Exchange server is signed by a certificate issued by a certificate authority whose certificate is missing in the DLP JRE trust store, then it is necessary to import the issuing authority certificate.
Get the CA certificate used at SharePoint/Exchange server from system administrator. Alternatively, you could follow these steps
Use IE/Firefox to browse to a SharePoint site or Exchange OWA address
Export the certificate to a file. For example c:\cert\servercert.crt
Use keytool to install the certificate into the standard local JRE trustore (keytool is provided by JRE and is part of DLP binaries)
Open command prompt
cd c:\Vontu\jre\bin or c:\SymantecDLP\jre\bin
Run the command .\keytool -importcert -alias <name-of-your-choice> -keystore ..\lib\security\cacerts -file c:\cert\servercert.crt
For password, enter 'changeit' unless you've changed the truststore password.
When it asks if you want to trust this certificate, say 'yes'.
Imported Document ID: TECH218812
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe