Which is the correct keystore folder for importing TLS certificates on the Enforce management console?


Article ID: 208318


Products

Data Loss Prevention Enterprise Suite, Data Loss Prevention Enforce, Data Loss Prevention Network Prevent for Email

Issue/Introduction

The documentation for importing TLS certificates into the Network Prevent for Email server keystore gives the following location for the keystore:

When you install Network Prevent for Email Server, the installer creates an empty keystore file in installdir

c:\Program Files\Symantec\DataLossPrevention\DetectionServer\15.7\Protect\keystore\prevent.ks

Cause

This location is incorrect. If the SMTP Prevent keystore file is updated there, TLS handshakes will fail to find the assigned certificate.

As a result, connections to the downstream MTA will be dropped as soon as they are established, usually with only a "Forward connection closed" entry in the RequestProcessor log.

Environment

Release : 15.7

Component :

Symantec™ Data Loss Prevention MTA Integration Guide for Network Prevent for Email (broadcom.com)

Resolution

The correct location of the SMTP Prevent keystore is defined in the "Protect.properties" file on the Detection Server.

Linux

#SMTP Prevent keystore
com.vontu.inline_smtp.keystore = /var/Symantec/DataLossPrevention/DetectionServer/15.7/keystore/prevent.ks

 

Windows

#SMTP Prevent keystore
com.vontu.inline_smtp.keystore = C:/ProgramData/Symantec/DataLossPrevention/DetectionServer/15.7/keystore/prevent.ks
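
A pre-import check for the property shown above, as an added example rather than Broadcom's own tooling: it reads com.vontu.inline_smtp.keystore from a Protect.properties file and compares it with the keystore you are about to modify. The path to Protect.properties is passed as an argument because this article does not give it, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code). Usage: script <Protect.properties> <keystore>

# Print the value of com.vontu.inline_smtp.keystore from a properties file.
# Comment lines (# or !) are skipped, "=" or ":" is accepted as separator,
# trailing CR/whitespace is trimmed, and the last definition wins.
smtp_prevent_keystore() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -v key="com.vontu.inline_smtp.keystore" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next
            rest = substr(line, length(key) + 1)
            # Reject longer keys that merely start with the same prefix.
            if (rest !~ /^[ \t]*[=:]/) next
            sub(/^[ \t]*[=:][ \t]*/, "", rest)
            sub(/[ \t\r]+$/, "", rest)
            val = rest
        }
        END { if (val == "") exit 1; print val }
    ' "$1"
}

# Normalise a path for comparison: backslashes become forward slashes, and
# drive-letter (Windows) paths are lower-cased because they are case-insensitive.
norm_path() {
    p=$(printf '%s' "$1" | tr '\\' '/')
    case $p in
        [A-Za-z]:/*) printf '%s' "$p" | tr 'A-Z' 'a-z' ;;
        *) printf '%s' "$p" ;;
    esac
}

# Return 0 if the candidate keystore is the configured one, 1 if it is not,
# 2 if the property cannot be resolved from the file.
check_keystore_target() {
    configured=$(smtp_prevent_keystore "$1") || return 2
    if [ "$(norm_path "$configured")" = "$(norm_path "$2")" ]; then
        echo "OK: $2 is the keystore configured in $1"
        return 0
    fi
    echo "MISMATCH: Detection Server reads $configured, not $2" >&2
    return 1
}

if [ "$#" -eq 2 ]; then check_keystore_target "$1" "$2"; fi
```

A MISMATCH result before the import points to the failure described under Cause: the certificate would go into a keystore the Detection Server never opens.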

Additional Information

Future versions of the above documentation should reflect this change.