Replacing the Management Interface default certificate with your own web server certificate signed by a Internal or Public CA on the DLP appliance is a two-step process:
Generate a CSR and a Private Key on the DLP appliance.
Import/replace the default Management Interface certificate with your own web server certificate signed by a Internal or Public CA on the DLP appliance.
SSH to DLP:
Login as dlpremote Loging as su browse to directory: cd /usr/share/tomcat60/conf/ Generate the Private RSA key : openssl genrsa -des3 -out example.key.com 2048 Generate the Certificate Signing Request : openssl req -new -key example.key.com -out example.csr (Optional) Remove the pass phrase on the RSA private key: openssl rsa -in example.key.com -out example.key
Get the csr out , you can use command : nano example.csr
After the previously generated CSR has been signed by an Internal Microsoft PKI or a Public CA , now you can import and replace the default Certificate on the DLP.
- Backup /usr/share/tomcat60/conf/mycert.p12. - Copy the new.p12 to mycert.p12. - Verify permissions are the same as the original mycert.p12 - Edit /usr/share/tomcat60/conf/server.xml. Search for keystorePass, and edit the value that follows it to your p12 file password. - Restart tomcat. # cgnmgr restart tomcat
Imported Document ID: 000031181
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.