Certificate expiry assistance

Article ID: 273036

Updated On:

Products

Data Loss Prevention Core Package

Issue/Introduction

We are currently trying to renew the certificate for the DLP web console.

We used the following documentation: "Create, sign, and import an SSL certificate signed by a Trusted Certificate Authority for the Enforce Server certificate" (broadcom.com)

but ran into issues, as we were unable to correctly apply the command:

"<DRIVE>:\Program Files\AdoptOpenJRE\jdk8u<version>-jre\bin\keytool" -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 720 -dname "CN=<servername>, OU=XXX, O=SYMANTEC, L=SANJOSE, ST=California, C=US" -ext SAN=DNS:<servername>,DNS:<domainname>,DNS:<FQDN>,IP:<IPAddress> -keystore <DRIVE>:\EnforceCert\.keystore -storepass XXXXXXXX

We could not determine what was being referred to as IPAddress (DNS IP or Server IP) or as FQDN (DNS FQDN or Server FQDN).

We would like to receive support.

Environment

Release : 16.0

Cause

Certificate configuration issue in the environment.

Resolution

To clarify further: for the Enforce console, if the Enforce FQDN is "dlp.abc.com" and its IP is <10.0.0.0>, then this looks good.

As an example, if the DLP application is on an asset <dlp.abc.com> with IP <10.0.0.0>, the command to be implemented becomes:

"<DRIVE>:\Program Files\AdoptOpenJRE\jdk8u<version>-jre\bin\keytool" -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 720 -dname "CN=dlp, OU=DLP, O=SYMANTEC, L=Cupertino, ST=California, C=US" -ext SAN=DNS:dlp,DNS:abc.com,DNS:dlp.abc.com,IP:10.0.0.0 -keystore E:\EnforceCert\.keystore -storepass xxxxxxxx
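
An added example in Python (not part of the original article or of the product's tooling): it builds the -ext SAN value from the Enforce server's own names and IP, rejects an address filed under the wrong type, and checks which browser addresses the resulting certificate would cover. The host enforce.abc.com is a constructed name used to show a miss, and only exact matches are checked (no wildcard entries).

```python
import ipaddress


def build_san(dns_names, ip_addresses):
    """Return the value for keytool's -ext SAN=... option.

    Rejects entries filed under the wrong type, e.g. an IP listed as DNS.
    """
    entries = []
    for name in dns_names:
        try:
            ipaddress.ip_address(name)
        except ValueError:
            entries.append("DNS:" + name.lower())  # not an IP, so a DNS name
        else:
            raise ValueError(f"{name} is an IP address; list it as IP:, not DNS:")
    for ip in ip_addresses:
        # ip_address() raises ValueError if a hostname was passed as an IP
        entries.append("IP:" + str(ipaddress.ip_address(ip)))
    return ",".join(entries)


def san_covers(san, host):
    """True if `host` (what the user types in the browser) matches a SAN entry.

    IP literals are compared only with IP: entries, names only with DNS: entries.
    """
    try:
        wanted = "IP:" + str(ipaddress.ip_address(host))
    except ValueError:
        wanted = "DNS:" + host.lower().rstrip(".")
    return wanted in san.split(",")


# Values from the article's example (Enforce server dlp.abc.com at 10.0.0.0).
SAN = build_san(["dlp", "abc.com", "dlp.abc.com"], ["10.0.0.0"])

if __name__ == "__main__":
    print("-ext SAN=" + SAN)
    # enforce.abc.com is a constructed alias that is not in the SAN list
    for host in ["dlp.abc.com", "dlp", "10.0.0.0", "enforce.abc.com"]:
        print(host, "covered" if san_covers(SAN, host) else "NOT covered")
```

Any address that users type to reach the console and that reports as not covered needs its own DNS: or IP: entry before the key pair is generated.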

Hope this helps answer your question.