How to import a certificate to the SharePoint or Exchange crawler


Article ID: 159473


Updated On:

Products

Data Loss Prevention Network Discover

Issue/Introduction

How can I import a certificate into the SharePoint or Exchange crawler?

Resolution

By default, the SharePoint and Exchange crawlers do not validate server SSL certificates on HTTPS connections. To enable validation, set the advanced server setting "Discover.ValidateSSLCertificates" to true. When validation is enabled, scans of SharePoint/Exchange servers that use self-signed or untrusted certificates fail with a suitable error message. If the certificate of the SharePoint web application or Exchange server was issued by a certificate authority whose certificate is missing from the DLP JRE trust store, you must import the issuing authority's certificate.

  1. Get the CA certificate used by the SharePoint/Exchange server from the system administrator.
    Alternatively, follow these steps:
    1. Use IE/Firefox to browse to a SharePoint site or Exchange OWA address.
    2. Export the certificate to a file, for example c:\cert\servercert.crt
  2. Use keytool to install the certificate into the standard local JRE truststore (keytool is provided by the JRE and is part of the DLP binaries).
    1. Open command prompt
    2. cd c:\Vontu\jre\bin or c:\SymantecDLP\jre\bin
    3. Run the command .\keytool -importcert -alias <name-of-your-choice> -keystore ..\lib\security\cacerts -file c:\cert\servercert.crt
    4. For password, enter 'changeit' unless you've changed the truststore password.
    5. When it asks if you want to trust this certificate, say 'yes'.
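
The keytool steps above as a PowerShell script, shown as an added example rather than a script from the vendor. The alias and the choice of install path are assumptions, and the truststore backup, the -printcert check and the final -list check are additions around the article's import command.

```powershell
# Added example. Install path and alias are assumptions; adjust to your system.
$ErrorActionPreference = 'Stop'
$JreBin   = 'C:\SymantecDLP\jre\bin'        # or C:\Vontu\jre\bin
$CertFile = 'C:\cert\servercert.crt'        # file obtained in step 1
$Alias    = 'sharepoint-issuing-ca'         # hypothetical alias, any unique name

$Keytool = Join-Path $JreBin 'keytool.exe'
# Resolve-Path stops the script if cacerts is not where the article expects it.
$Cacerts = (Resolve-Path (Join-Path $JreBin '..\lib\security\cacerts')).Path
if (-not (Test-Path $Keytool))  { throw "keytool not found at $Keytool" }
if (-not (Test-Path $CertFile)) { throw "certificate file not found: $CertFile" }

# 1. Keep a copy of the truststore so a bad import can be rolled back.
$Backup = "$Cacerts.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
Copy-Item -Path $Cacerts -Destination $Backup
Write-Host "Backed up truststore to $Backup"

# 2. Print owner, issuer, validity and fingerprints of the file.
#    Owner/Issuer show whether this is the issuing CA certificate or the
#    server's own certificate; compare the fingerprint with the value the
#    server administrator gives you through a separate channel.
& $Keytool -printcert -file $CertFile
if ($LASTEXITCODE -ne 0) { throw 'keytool could not parse the certificate file' }

$answer = Read-Host 'Does the fingerprint match the expected value? (yes/no)'
if ($answer -ne 'yes') { throw 'Import cancelled; truststore unchanged.' }

# 3. Import. keytool prompts for the truststore password and asks whether
#    to trust the certificate, as in steps 4 and 5 of the article.
& $Keytool -importcert -alias $Alias -keystore $Cacerts -file $CertFile
if ($LASTEXITCODE -ne 0) {
    Copy-Item -Path $Backup -Destination $Cacerts -Force
    throw 'Import failed; truststore restored from backup.'
}

# 4. Confirm the entry is present under the chosen alias.
& $Keytool -list -v -alias $Alias -keystore $Cacerts
if ($LASTEXITCODE -ne 0) { throw "alias '$Alias' not found after import" }
```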