Follow this procedure if you need to replace the Captive Portal certificate with your own PFX file, which is typically in PKCS12 format.
To replace the Captive Portal certificate:
- Upload your iwsva.pfx certificate to the /etc/iscan/AdminUI/tomcat/ directory.
- Convert the format of the certificate by running the following commands:
# openssl pkcs12 -in iwsva.pfx -nokeys -out iwsva.pem
# openssl pkcs12 -in iwsva.pfx -nocerts -out iwsva.key
We recommend using "123456" as the PEM pass phrase.
- Open the /etc/iscan/intscan.ini file.
- Locate the captive_portal_certpwd parameter and do the following:
  - If your certificate's passphrase is "123456", there is no need to change the existing encrypted value "!CRYPT!2092C89A582D52C4223A9CBFB62280F1B0E4B6E7C3E".
  - If your passphrase is not "123456", use the encrypted value that you will get from this command:
    [root@iwsva60 ~]# /usr/iwss/bin/encpw <passphrase>
    Example:
    [root@iwsva60 ~]# /usr/iwss/bin/encpw 1234
    !CRYPT!10788C70C1430DEE3B97E524F09
    The line should then be modified to:
    captive_portal_certpwd=!CRYPT!10788C70C1430DEE3B97E524F09
- Locate these parameters and change their values to the following:
  - captive_portal_cert=/etc/iscan/AdminUI/tomcat/iwsva.pem
  - captive_portal_pkey=/etc/iscan/AdminUI/tomcat/iwsva.key
- Restart the proxy service by using these commands:
# /etc/iscan/S99ISproxy stop
# /etc/iscan/S99ISproxy start
Access Captive Portal and verify that the certificate has been replaced. If it is still the default iwss.trend certificate, contact Trend Micro Technical Support.
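The settings edited in the steps above can be checked before the proxy service is restarted. The script below is an added example, not a Trend Micro tool: the function names and the optional file and directory arguments are assumptions, and the check that the key file is not accessible to other users is a hardening check added here rather than a step from this procedure.

```shell
#!/bin/sh
# Added example: check the Captive Portal settings before restarting the proxy.
# Function names and the optional arguments are assumptions of this example.

# Print the value of key $2 in ini file $1 (last occurrence wins).
ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Succeed only if $1 is a regular file with no permission bits set for "others".
not_world_accessible() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# check_captive_portal_config [INI] [DIR]
# Prints one line per problem and returns 0 only if none were found.
check_captive_portal_config() {
    ini=${1:-/etc/iscan/intscan.ini}
    dir=${2:-/etc/iscan/AdminUI/tomcat}
    rc=0
    [ -r "$ini" ] || { echo "cannot read $ini"; return 2; }

    cert=$(ini_value "$ini" captive_portal_cert)
    pkey=$(ini_value "$ini" captive_portal_pkey)
    encpwd=$(ini_value "$ini" captive_portal_certpwd)

    [ "$cert" = "$dir/iwsva.pem" ] || { echo "captive_portal_cert is '$cert'"; rc=1; }
    [ "$pkey" = "$dir/iwsva.key" ] || { echo "captive_portal_pkey is '$pkey'"; rc=1; }

    # The stored value must be encpw output, not the clear-text pass phrase.
    case $encpwd in
        '!CRYPT!'?*) ;;
        *) echo "captive_portal_certpwd is not an encpw value"; rc=1 ;;
    esac

    # -nokeys must have produced a certificate, -nocerts a private key.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null ||
        { echo "no certificate in '$cert'"; rc=1; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pkey" 2>/dev/null ||
        { echo "no private key in '$pkey'"; rc=1; }

    # Hardening check added here (not a step from the page): key not world-readable.
    not_world_accessible "$pkey" ||
        { echo "'$pkey' is missing or accessible to other users"; rc=1; }
    return $rc
}
```

Source the file and run check_captive_portal_config with no arguments on the appliance; a non-zero return means at least one of the printed problems should be fixed before the restart.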
- Upload your iwsva.pfx certificate to the /etc/iscan/AdminUI/tomcat/ directory.
- Go to /etc/iscan/AdminUI/tomcat/conf/ and open the server.xml file.
- Modify the value of the keystoreFile parameter from “captivekey” to “iwsva.pfx”.
- Add the following line:
keystoreType="PKCS12"
- Set the keystorePass parameter to “123456”.
- Restart the web console service using this command:
# /etc/iscan/S99IScanHttp restart