Certificate expiry assistance


Article ID: 273036


Updated On:


Data Loss Prevention Core Package


We are currently trying to renew the certificate for the DLP web console.

We used the following documentation: "Create, sign, and import an SSL certificate signed by a Trusted Certificate Authority for the Enforce Server certificate" (broadcom.com),

but ran into issues, as we were unable to correctly apply the command:

"<DRIVE>:\Program Files\AdoptOpenJRE\jdk8u<version>-jre\bin\keytool" -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 720 -dname "CN=<servername>, OU=XXX, O=SYMANTEC, L=SANJOSE, ST=California, C=US" -ext SAN=DNS:<servername>,DNS:<domainname>,DNS:<FQDN>,IP:<IPAddress> -keystore <DRIVE>:\EnforceCert\.keystore -storepass XXXXXXXX

We could not determine what was being referred to as IPAddress (DNS IP or server IP) or as FQDN (DNS FQDN or server FQDN).

We would like to receive support.


Release : 16.0


Configuration issue in terms of the certificate on the environment


To clarify further: the values are those of the Enforce console. If the Enforce FQDN is "dlp.abc.com" and its IP is <>, then this looks good.

For example, if the DLP application is on the asset <dlp.abc.com> with IP <>, the command to run becomes:

"<DRIVE>:\Program Files\AdoptOpenJRE\jdk8u<version>-jre\bin\keytool" -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 720 -dname "CN=dlp, OU=DLP, O=SYMANTEC, L=Cupertino, ST=California, C=US" -ext SAN=DNS:dlp,DNS:abc.com,DNS:dlp.abc.com,IP: -keystore E:\EnforceCert\.keystore -storepass xxxxxxxx

Hope this helps answer your question.
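
One way to assemble and sanity-check the -ext SAN value before running the keytool command above, as an added example that is not part of the original article or the vendor documentation. Build-SanExtension is a hypothetical helper name and 192.0.2.10 is a constructed placeholder address; the host and domain are the article's dlp.abc.com example.

```powershell
# Added example: build the value passed to keytool's -ext option and reject
# entries that would produce a broken SAN (for instance "IP:" with nothing after it).
# Build-SanExtension is a hypothetical helper, not a vendor-supplied cmdlet.
function Build-SanExtension {
    param(
        [string]$ServerName,   # short host name of the Enforce Server, e.g. dlp
        [string]$DomainName,   # DNS domain, e.g. abc.com
        [string]$IPAddress     # the Enforce Server's own address
    )

    $fqdn = "${ServerName}.${DomainName}"

    # One DNS label: letters, digits and hyphens, not starting or ending with a hyphen.
    $label   = '[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    $pattern = "^${label}(\.${label})*`$"
    foreach ($name in $ServerName, $DomainName, $fqdn) {
        if ($name -notmatch $pattern) {
            throw "Invalid DNS name for SAN: '$name'"
        }
    }

    # Empty or malformed addresses fail to parse and are rejected.
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($IPAddress, [ref]$parsed)) {
        throw "Invalid IP address for SAN: '$IPAddress'"
    }
    # .NET accepts IPv4 shorthand such as "10"; require the full dotted form.
    if ($parsed.AddressFamily -eq 'InterNetwork' -and $parsed.ToString() -ne $IPAddress) {
        throw "IPv4 address must be written in full dotted form: '$IPAddress'"
    }

    "SAN=DNS:${ServerName},DNS:${DomainName},DNS:${fqdn},IP:${parsed}"
}

# Constructed sample input: the article's example host plus a placeholder address.
$san = Build-SanExtension -ServerName 'dlp' -DomainName 'abc.com' -IPAddress '192.0.2.10'
Write-Output "-ext $san"

# An empty IP, as in a command line ending in "IP:", is caught before keytool runs.
try {
    Build-SanExtension -ServerName 'dlp' -DomainName 'abc.com' -IPAddress ''
} catch {
    Write-Output "Rejected: $($_.Exception.Message)"
}
```

After the key pair is generated, running keytool -list -v with the same -alias and -keystore values prints the SubjectAlternativeName entries that actually ended up in the certificate.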