Which is the correct keystore folder for importing TLS certificates for Network Prevent for Email?
search cancel

Which is the correct keystore folder for importing TLS certificates for Network Prevent for Email?

book

Article ID: 208318

calendar_today

Updated On:

Products

Data Loss Prevention Enterprise Suite Data Loss Prevention Enforce Data Loss Prevention Network Prevent for Email

Issue/Introduction

A prior version of the documentation for importing TLS certificates into one's Network Prevent for Email server keystore suggested the following location for this keystore:

 

When you install Network Prevent for Email Server, the installer creates an empty keystore file in installdir

<drive>:\Program Files\Symantec\DataLossPrevention\DetectionServer\<DLP_version>\Protect\keystore\prevent.ks

Environment

Cause

This was actually incorrect, and if the keystore file for SMTP Prevent is updated in this location, TLS handshakes will fail to find the certificate assigned.

As a result, connections to the downstream MTA will be dropped as soon as they are established, usually with a simple "Forward connection closed" in the RequestProcessor log.

 

Resolution

The correct location of the SMTP Prevent keystore is defined in the "Protect.properties" file on the Detection Server which is located at C:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\config

Linux:

#SMTP Prevent keystore
com.vontu.inline_smtp.keystore = /var/Symantec/DataLossPrevention/DetectionServer/<version>/keystore/prevent.ks

 

Windows:

#SMTP Prevent keystore
com.vontu.inline_smtp.keystore = C:/ProgramData/Symantec/DataLossPrevention/DetectionServer/<version>/keystore/prevent.ks

Additional Information

Current versions of the above documentation already reflect this change - this article is for informational purposes only and will be removed at a future date.