search cancel

Java error while importing PFX certificate for Enforce console

book

Article ID: 253409

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

Java error "Keytool error: java.lang.NullPointerException" while importing SSL certificate for Enforce console. 

 

Environment

DLP 15.8 Enforce server.

PFX certificate.

Cause

When we export certificate in PFX, ensure that "Export all extended properties" option is selected. If this option was not selected then import the certificate into Windows store and then export again with "Export all extended properties" option selected as shown in attachment. 

Resolution

Get a new certificate pair from your CA in .pfx format and then import it into the a keystore for use. 

1. Get the new certificate in a pfx format from your CA.

2. Create a new keystore with the certificates.

a. First create a directory called NEW under root drive as we will place new keystore and all files in this directory.
b. keytool -importkeystore -deststorepass protect -destkeypass protect -destkeystore "/path/to/NEW/keystore/.keystore" -srckeystore "/path/to/certificates/enforce.pfx" -srcstoretype PKCS12 -srcstorepass password_for_pfx

3. Make sure the certificate is imported correctly.

c. keytool -list -v -keystore /path/to/keystore/.keystore
d. Find the imported certs alias.  Typically it will be a UID or the FQDN for the server.

4. Keytool -changealias -alias "ORIGINAL_ALIAS_FROM_PREVIOUS_STEP" -destalias "tomcat" -keystore "/path/to/NEW/keystore/.keystore" -storepass protect

5. Move the new keystore into the enforce tomcat directory
e. <DRIVE>\Program Files\Symantec\DataLossPrevention\EnforceServer\<VERSION>\Protect\tomcat\conf\.keystore

6. Recycle the DLP manager service

Enforce should now be using the newly created certificates.

Attachments

1667375668700__PFX certificate export.PNG get_app
1667375652491__PFX certificate import.PNG get_app