Views:

Before regenerating a self-signed certificate, you need to backup the old .keystore and configuration.properties by executing the following commands:
Linux:
cp /opt/dsm/configuration.properties /opt/dsm/configuration.properties.bak
cp /opt/dsm/.keystore /opt/dsm/.keystore.bak
Windows:
copy "C:\Program Files\Trend Micro\Deep Security Manager\configuration.properties" "C:\Program Files\Trend Micro\Deep Security Manager\configuration.properties.bak"
copy "C:\Program Files\Trend Micro\Deep Security Manager\.keystore" "C:\Program Files\Trend Micro\Deep Security Manager\.keystore.bak"

Create a new .keystore as follows:

  • Linux:
    1. On the computer where Deep Security Manager is installed, open the command prompt as an administrator and navigate to the /opt/dsm/jre/bin directory.
    2. Execute the following command, replacing the cn value to match your Deep Security Manager:
      keytool -genkey -alias tomcat -keystore ~/.keystore -keyalg RSA -validity 365 -keysize 2048 -dname "cn=dsm.example.com, ou=IT, o=Trend Micro, l=Ottawa, s=Ontario, c=CA"
    3. When prompted, enter a password that you will later set in the /opt/dsm/configuration.properties file for the keystorePass value.
    4. When prompted, enter a key password for tomcat or press Enter to have the same key as the keystore file.
    5. Copy the new keystore to the correct location by executing the following command:
      cp ~/.keystore /opt/dsm/.keystore
    6. In the /opt/dsm/configuration.properties file, set the keystore password for the keystorePass value, and then save the file.
    7. Restart Deep Security Manager.
    8. Verify that the browser can validate the certificate.
  • Windows:
    1. On the computer where Deep Security Manager is installed, open the command prompt as an administrator and navigate to the C:\Program Files\Trend Micro\Deep Security Manager\jre\bin directory.
    2. Execute the following command, replacing the cn value to match your Deep Security Manager:
      keytool -genkey -alias tomcat -keystore C:\Users\Administrator\.keystore -keyalg RSA -validity 365 -keysize 2048 -dname "cn=dsm.example.com, ou=IT, o=Trend Micro, l=Ottawa, s=Ontario, c=CA"
    3. When prompted, enter a password that you will later set in the C:\Program Files\Trend Micro\Deep Security Manager\configuration.properties file for the keystorePass value.
    4. When prompted, enter a key password for tomcat or press Enter to have the same key as the keystore file.
    5. Copy the new keystore to the correct location by executing the following command:
      copy "c:\Users\Administrator\.keystore" "C:\Program Files\Trend Micro\Deep Security Manager\.keystore"
    6. In the C:\Program Files\Trend Micro\Deep Security Manager\configuration.properties file, set the keystore password for the keystorePass value, and then save the file.
    7. Restart Deep Security Manager.
    8. Verify that the browser can validate the certificate.