Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Replacing Captive Portal certificate with an existing PFX certificate

    • Updated:
    • 4 Mar 2015
    • Product/Version:
    • InterScan Web Security Virtual Appliance 6.0
    • InterScan Web Security Virtual Appliance 6.5
    • Platform:
    • Virtual Appliance 4.1
    • Virtual Appliance 5.1
Summary

Follow this procedure if you need to replace the Captive Portal certificate with your own PFX file, which is typically in PKCS12 format. 

Details
Public

To replace the Captive Portal certificate:

  1. Upload your iwsva.pfx certificate to the /etc/iscan/AdminUI/tomcat/ directory.
  2. Convert the format of the certificate by running the following commands:

    #openssl pkcs12 -in iwsva.pfx -nokeys -out iwsva.pem
    #openssl pkcs12 -in iwsva.pfx -nocerts -out iwsva.key

    We recommend using "123456" as the PEM pass phrase.

  3. Open the /etc/iscan/intscan.ini file.
  4. Locate the captive_portal_certpwd parameter and do the following:
    • If your certificate's passphrase is "123456", there is no need to change the existing encrypted value "!CRYPT!2092C89A582D52C4223A9CBFB62280F1B0E4B6E7C3E".
    • If your passphrase is not "123456", use the encrypted value that you will get from this command:

      [root@iwsva60 ~]# /usr/iwss/bin/encpw <passphrase>

      Example:

      [root@iwsva60 ~]# /usr/iwss/bin/encpw 1234
      !CRYPT!10788C70C1430DEE3B97E524F09

      The line should then be modified to:

      captive_portal_certpwd=!CRYPT!10788C70C1430DEE3B97E524F09

  5. Locate these parameters and change their values to the following:
    • captive_portal_cert=/etc/iscan/AdminUI/tomcat/iwsva.pem
    • captive_portal_pkey=/etc/iscan/AdminUI/tomcat/iwsva.key
  6. Restart the proxy service by using these commands:

    #/etc/iscan/S99ISproxy stop
    #/etc/iscan/S99ISproxy start

Access Captive Portal and verify if the certificate has been replaced. If it is still the default iwss.trend certificate, contact Trend Micro Technical Support.

  1. Upload your iwsva.pfx certificate to the /etc/iscan/AdminUI/tomcat/ directory.
  2. Go to /etc/iscan/AdminUI/tomcat/conf/ and open the server.xml file.
  3. Modify the value of the keystoreFile parameter from “captivekey” to “iwsva.pfx”.
  4. Add the following line:

    keystoreType="PKCS12"

  5. Set the keystorePass parameter to “123456”.
  6. Restart the web console service using this command:

    #/etc/iscan/S99IScanHttp restart

Access Captive Portal and verify if the certificate has been replaced. If it is still the default iwss.trend certificate, contact Trend Micro Technical Support.
Premium
Internal
Rating:
Category:
Configure
Solution Id:
1103164
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.