Data Loss Prevention

  • 1.  SSLKeyTool - Detection server certificates

    Posted Oct 21, 2018 10:27 PM

    Hello,

    I have deployed detection server certificates to my customer's detection servers. I want to document when the certificates will expire so that we can pre-emptively update them prior to expiry.

    How can you tell when a detection server certificate will expire?

    Cheers

    Cameron Mottus



  • 2.  RE: SSLKeyTool - Detection server certificates
    Best Answer

    Posted Oct 23, 2018 01:02 AM

    Hi Cameron,

    You can use keytool.exe that is included in your JRE install to accomplish this.

    Keep in mind for version 15.1 the default keystore folder is in c:\ProgramData now and not in your Symantec DLP local directory.

    D:\SymantecDLP\Server JRE\1.8.0_162\bin>keytool.exe -list -v -keystore "C:\ProgramData\Symantec\Data Loss Prevention\Enforce Server\15.1\keystore\monitor6_keystore_v1.jks"

    (Default password is protect, unless this was modified during key creation. Also, sometimes the default password is just blank and hitting enter at the password prompt will display the keystore contents)

    This should display the certificate details ... you can narrow down the output with a | findstr "Valid from"

    Which will display 2 lines ... the first is your Monitor server certificate and the 2nd is the Enforce Root CA

    Hope this helps!

    Cheers

    Andy
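
For documenting expiry dates across several detection servers, the `keytool -list -v` output described in the answer above can be parsed into a table of alias, expiry date and days remaining. This is an added example, not code from the thread or from Symantec; `Get-CertExpiry`, the 90-day threshold and the sample certificate names and dates are assumptions, and it expects keytool's English output format.

```powershell
# Added example (not from the thread). Get-CertExpiry is a hypothetical helper name.
# Assumes keytool's English "Valid from: ... until: ..." line format.
function Get-CertExpiry {
    param(
        [Parameter(Mandatory)][string[]]$KeytoolOutput,
        [int]$WarnDays = 90,               # assumed renewal lead time
        [datetime]$Now = (Get-Date)
    )
    $alias = $null; $owner = $null
    foreach ($line in $KeytoolOutput) {
        if ($line -match '^Alias name:\s*(.+)$') { $alias = $Matches[1].Trim(); continue }
        if ($line -match '^Owner:\s*(.+)$')      { $owner = $Matches[1].Trim(); continue }
        # e.g. "until: Sun Oct 15 10:12:33 UTC 2023": skip the weekday and the zone token,
        # so the date is treated as local time (accurate to the day, not the hour).
        if ($line -match 'until:\s*\w{3} (\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ (\d{4})') {
            $text = "$($Matches[1]) $($Matches[2])"
            $notAfter = [datetime]::ParseExact($text, 'MMM dd HH:mm:ss yyyy', [cultureinfo]::InvariantCulture)
            $days = [int][math]::Floor(($notAfter - $Now).TotalDays)
            $status = if ($days -lt 0) { 'EXPIRED' } elseif ($days -le $WarnDays) { 'RENEW' } else { 'OK' }
            # One row per certificate in the chain (server certificate first, then the root CA).
            [pscustomobject]@{
                Alias = $alias; Owner = $owner; NotAfter = $notAfter
                DaysLeft = $days; Status = $status
            }
        }
    }
}

# Constructed sample of `keytool -list -v` output (names and dates are made up).
$sample = @(
    'Alias name: monitor6'
    'Entry type: PrivateKeyEntry'
    'Certificate chain length: 2'
    'Certificate[1]:'
    'Owner: CN=monitor6.example.test'
    'Valid from: Tue Oct 16 10:12:33 UTC 2018 until: Sun Oct 15 10:12:33 UTC 2023'
    'Certificate[2]:'
    'Owner: CN=Example Enforce Root CA'
    'Valid from: Tue Oct 16 10:12:33 UTC 2018 until: Mon Oct 11 10:12:33 UTC 2038'
)
Get-CertExpiry -KeytoolOutput $sample -Now ([datetime]'2023-08-01') | Format-Table -AutoSize

# Against a real keystore, feed keytool's output instead of $sample:
#   $out = & 'D:\SymantecDLP\Server JRE\1.8.0_162\bin\keytool.exe' -list -v -keystore '<path to .jks>'
#   Get-CertExpiry -KeytoolOutput $out
```

Piping the result to `Export-Csv` gives a record that can be kept with the deployment documentation and re-generated on a schedule.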