Data Loss Prevention

  • 1.  Create DLP Web Page Certificates

    Posted Jul 18, 2013 05:52 PM

    Hello..

    I am having trouble creating and importing the Web Page Certificates so I don't get the warning page. Can anyone help me with the process on how to do this? The Admin guide is not very clear.

    Uttam



  • 2.  RE: Create DLP Web Page Certificates
    Best Answer

    Trusted Advisor
    Posted Jul 18, 2013 06:00 PM

    Uttam,

    Here is a step by step process that I use for my customers. I attached a doc on it too.

    This is how to generate the certificates for the DLP servers.

    First back up the .keystore file in E:\apps\vontu\tomcat\conf

    E:\Apps\Vontu\jre\bin>keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore .keystore -validity 365 -storepass protect

    What is your first and last name? (This is the FQDN Server name)

      [Unknown]:  servername.company.com

    What is the name of your organizational unit?

      [Unknown]:  Information Security

    What is the name of your organization?

      [Unknown]:  Full Company Name

    What is the name of your City or Locality?

      [Unknown]:  Chicago

    What is the name of your State or Province?

      [Unknown]:  Illinois

    What is the two-letter country code for this unit?

      [Unknown]:  US

    Is CN= servername.company.com, OU=Information Security, O= Full Company Name, L=Chicago, ST=Illinois, C=US correct?

      [no]:  yes

    Enter key password for <tomcat>

            (RETURN if same as keystore password):

    Re-enter new password:

    E:\Apps\Vontu\jre\bin>keytool -certreq -alias tomcat -keyalg RSA -keystore .keystore -storepass protect -file Enforce2013.csr

    NOW TAKE THIS FILE AND SUBMIT IT TO VERISIGN AND HAVE THEM GENERATE THE CER


    Importing the Certs into the .keystore file.

    Once you get the CER file from Verisign, you will need to download the ROOT certificate and also the PRIMARY INTERMEDIATE cert.

    Open the issued X509 certificate for the server that was sent to you, using the Crypto Shell. Then manually extract the ROOT CA and call it PCA3-G5.cer

    keytool -import -trustcacerts -alias root -keystore e:\apps\vontu\jre\bin\.keystore -file e:\apps\vontu\jre\bin\PCA3-G5.cer

    Copy the PRIMARY INTERMEDIATE certificate from the Verisign site and paste that into a file called primary_inter.cer

    keytool -import -alias intermediate1 -keystore e:\apps\vontu\jre\bin\.keystore -trustcacerts -file e:\apps\vontu\jre\bin\primary_inter.cer

    Take the Certificate that was issued to the server (x509) and then import it to the .keystore

    keytool -import -alias tomcat -keystore e:\apps\vontu\jre\bin\.keystore -trustcacerts -file e:\apps\vontu\jre\bin\cert.cer

    Copy the updated .keystore file to E:\Apps\Vontu\Protect\tomcat\conf

    Restart the Vontu Notifier Service, and validate that the site comes up.

    If this solves your question, please mark it as solved.

    Ronak

    Attachment(s)

    docx
    Certificates on DLP.docx   14 KB 1 version
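
A check for the end state of the procedure in the post above, as an added example that is not part of the original post or the product documentation: it parses the text printed by `keytool -list -v` and confirms that the `tomcat` alias still holds the private key, that the CA reply replaced the self-signed certificate, and that each certificate in the chain is followed by its issuer. The sample listings and CA names are constructed, and the field labels assume keytool's English output.

```python
# Constructed, trimmed `keytool -list -v` output (English locale assumed);
# the CA names are placeholders, the leaf subject is the one from the post.
LEAF = "CN=servername.company.com, OU=Information Security, O=Full Company Name, L=Chicago, ST=Illinois, C=US"
INTER = "CN=Example Intermediate CA, O=Example CA, C=US"
ROOT = "CN=Example Root CA, O=Example CA, C=US"
HEAD = "Alias name: tomcat\nEntry type: PrivateKeyEntry\n"
# After all three imports: leaf -> intermediate -> root under the key entry.
SAMPLE_IMPORTED = HEAD + (
    f"Certificate chain length: 3\nCertificate[1]:\nOwner: {LEAF}\nIssuer: {INTER}\n"
    f"Certificate[2]:\nOwner: {INTER}\nIssuer: {ROOT}\n"
    f"Certificate[3]:\nOwner: {ROOT}\nIssuer: {ROOT}\n")
# Right after -genkey: a single self-signed certificate, no CA reply yet.
SAMPLE_SELF_SIGNED = HEAD + f"Certificate chain length: 1\nCertificate[1]:\nOwner: {LEAF}\nIssuer: {LEAF}\n"

def parse_entries(listing):
    """Map alias -> {'type': str, 'certs': [[owner, issuer], ...]}."""
    entries, cur = {}, None
    for line in listing.splitlines():
        key, _, val = line.strip().partition(": ")
        if key == "Alias name":
            cur = entries.setdefault(val, {"type": None, "certs": []})
        elif cur is None:
            continue
        elif key == "Entry type":
            cur["type"] = val
        elif key == "Owner":
            cur["certs"].append([val, None])
        elif key == "Issuer" and cur["certs"]:
            cur["certs"][-1][1] = val
    return entries

def check_keystore(listing, fqdn, alias="tomcat"):
    """Return problems found with the server entry; an empty list means none."""
    entry = parse_entries(listing).get(alias)
    if entry is None or not entry["certs"]:
        return [f"alias {alias!r} missing or has no certificate"]
    problems, certs = [], entry["certs"]
    if entry["type"] != "PrivateKeyEntry":
        problems.append("no private key under this alias: import the CA reply into the keystore that generated the CSR")
    leaf_cn = certs[0][0].split(",")[0].split("=", 1)[-1].strip()
    if leaf_cn.lower() != fqdn.lower():
        problems.append(f"leaf CN {leaf_cn!r} does not match {fqdn!r}")
    if certs[0][0] == certs[0][1]:
        problems.append("leaf is still self-signed: CA reply not imported")
    for (_, issuer), (owner, _) in zip(certs, certs[1:]):
        if issuer != owner:
            problems.append(f"chain break: {owner!r} is not the issuer {issuer!r}")
    return problems
```

Pass it the saved output of `keytool -list -v` for the `.keystore` file before copying the file into the Tomcat `conf` directory; an empty list means the entry is ready to serve.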


  • 3.  RE: Create DLP Web Page Certificates

    Posted Aug 09, 2013 12:41 PM

    Do I need to buy the CER from Verisign?

    How do I get it?