Summary
Follow this procedure if you would like to use your own certificate for the Captive Portal website. This is useful in situations where a certificate error is preventing you from browsing the Internet when using Captive Portal.
Details
To use your own certificate:
- Run this command to generate a new keystore file that InterScan Web Security Virtual Appliance (IWSVA) will use when accessing Captive Portal: /etc/iscan/AdminUI/jre/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore ./newcaptive.key
- For the first name and last name, specify the hostname of the IWSVA server. For example: iwsva.domain.com.
- Copy the generated keystore file into the /etc/iscan/AdminUI/tomcat directory.
- Back up the server.xml file in the /etc/iscan/AdminUI/tomcat/conf directory.
- Stop the web console service using this command: /etc/iscan/S99IScanHttp stop
- Open the server.xml file.
- Look for the following parameters and change the values to these:
keystorePass=<password you set while creating the new keystore>
keystoreFile=newcaptive.key
- Restart the web console service using this command: /etc/iscan/S99IScanHttp restart
- Access Captive Portal. When it shows an error message, open the certificate and ensure it has the same name as the hostname of the IWSVA server.
- Install the certificate and make sure it is saved under the Trusted Root tab.
- Access Captive Portal again.
If you get an error message that the certificate is expired, close the browser and wait for a couple of minutes before accessing Captive Portal again. There should be no further error message, and you should be redirected to the HTTPS site that you are trying to access.
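The procedure depends on the certificate name matching the IWSVA hostname, which can be checked from the keystore itself before the web console is restarted. The following is an added example, not part of the original article or the product's tooling; the function names and the sample `keytool -list -v` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the keystore certificate's CN matches the IWSVA hostname.

# Constructed sample of `keytool -list -v` output (not taken from a real appliance).
sample_keytool_output() {
cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=iwsva.domain.com, OU=IT, O=Example, L=City, ST=State, C=US
Issuer: CN=iwsva.domain.com, OU=IT, O=Example, L=City, ST=State, C=US
EOF
}

# Print the CN from the first "Owner:" line of keytool output read on stdin.
keystore_cn() {
    sed -n 's/^Owner:.*CN=\([^,]*\).*/\1/p' | head -n 1
}

# Succeed only if the keystore CN equals the expected hostname ($1).
# Hostnames are compared case-insensitively; a missing Owner line is a failure.
cn_matches_host() {
    expected=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    actual=$(keystore_cn | tr '[:upper:]' '[:lower:]')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# On the appliance, feed the real keystore listing instead of the sample:
#   /etc/iscan/AdminUI/jre/bin/keytool -list -v -alias tomcat \
#       -keystore /etc/iscan/AdminUI/tomcat/newcaptive.key | cn_matches_host iwsva.domain.com
if sample_keytool_output | cn_matches_host "iwsva.domain.com"; then
    echo "CN matches hostname"
else
    echo "CN mismatch: regenerate the keystore with the correct hostname"
fi
```

A mismatch here means browsers will still report a name error after the certificate is installed, so it is cheaper to catch it before editing server.xml.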