Before regenerating a self-signed certificate, you need to backup the old
.keystore and c
onfiguration.properties by executing the following commands:
Linux:
cp /opt/dsm/configuration.properties /opt/dsm/configuration.properties.bak
cp /opt/dsm/.keystore /opt/dsm/.keystore.bak
Windows:
copy "C:\Program Files\Trend Micro\Deep Security Manager\configuration.properties" "C:\Program Files\Trend Micro\Deep Security Manager\configuration.properties.bak"
copy "C:\Program Files\Trend Micro\Deep Security Manager\.keystore" "C:\Program Files\Trend Micro\Deep Security Manager\.keystore.bak"
Create a new .keystore as follows:
- Linux:
- On the computer where Deep Security Manager is installed, open the command prompt as an administrator and navigate to the
/opt/dsm/jre/bin
directory. - Execute the following command, replacing the
cn
value to match your Deep Security Manager:keytool -genkey -alias tomcat -keystore ~/.keystore -keyalg RSA -validity 365 -keysize 2048 -dname "cn=dsm.example.com, ou=IT, o=Trend Micro, l=Ottawa, s=Ontario, c=CA"
- When prompted, enter a password that you will later set in the
/opt/dsm/configuration.properties
file for thekeystorePass
value. - When prompted, enter a key password for tomcat or press Enter to have the same key as the keystore file.
- Copy the new keystore to the correct location by executing the following command:
cp ~/.keystore /opt/dsm/.keystore
- In the
/opt/dsm/configuration.properties
file, set the keystore password for thekeystorePass
value, and then save the file. - Restart Deep Security Manager.
- Verify that the browser can validate the certificate.
- On the computer where Deep Security Manager is installed, open the command prompt as an administrator and navigate to the
- Windows:
- On the computer where Deep Security Manager is installed, open the command prompt as an administrator and navigate to the
C:\Program Files\Trend Micro\Deep Security Manager\jre\bin
directory. - Execute the following command, replacing the
cn
value to match your Deep Security Manager:keytool -genkey -alias tomcat -keystore C:\Users\Administrator\.keystore -keyalg RSA -validity 365 -keysize 2048 -dname "cn=dsm.example.com, ou=IT, o=Trend Micro, l=Ottawa, s=Ontario, c=CA"
- When prompted, enter a password that you will later set in the
C:\Program Files\Trend Micro\Deep Security Manager\configuration.properties
file for thekeystorePass
value. - When prompted, enter a key password for tomcat or press Enter to have the same key as the keystore file.
- Copy the new keystore to the correct location by executing the following command:
copy "c:\Users\Administrator\.keystore" "C:\Program Files\Trend Micro\Deep Security Manager\.keystore"
- In the
C:\Program Files\Trend Micro\Deep Security Manager\configuration.properties
file, set the keystore password for thekeystorePass
value, and then save the file. - Restart Deep Security Manager.
- Verify that the browser can validate the certificate.
- On the computer where Deep Security Manager is installed, open the command prompt as an administrator and navigate to the