Replacing the web console certificate with a customer certificate in PKCS #12 format in IWSVA 6.5

    • Updated: 16 Aug 2016
    • Product/Version: InterScan Web Security Virtual Appliance 6.5
    • Platform: N/A
Summary

You can import your own Public-Key Cryptography Standards (PKCS) #12 certificate into InterScan Web Security Virtual Appliance (IWSVA) 6.5. The custom certificate can be used as an alternative to the default certificate generated by IWSVA.

Details

Import your PKCS #12 format certificate into the IWSVA administrator console using either of the following methods.

The first method uploads the PKCS #12 file as is. You need to modify the server.xml file after uploading the certificate when using this method.

    1. Open the IWSVA web console.
    2. Go to Administration > Network Configuration > web console.
    3. Choose SSL mode.
    4. Upload your certificate (e.g. Cert.pfx or Cert.p12).
    5. Set the password.
    6. Click Save.
      You will find that the web console cannot be opened.
    7. Log on to the IWSVA server using the "root" account via the command line.
    8. Navigate to the /usr/iwss/AdminUI/tomcat/conf/ folder.
    9. Modify the server.xml file by adding the keystoreType="pkcs12" entry for port 8443 and port 9091.
      <Connector port="8443" connectionLinger="60000" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11Protocol" maxHttpHeaderSize="8192" maxThreads="15" minSpareThreads="3" maxSpareThreads="8" enableLookups="true" disableUploadTimeout="true" connectionTimeout="900000" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" keystoreType="pkcs12" keystoreFile="keystore" keystorePass="password" SSLEnabled="true"/>
      <Connector port="9091" connectionLinger="60000" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11Protocol" maxHttpHeaderSize="8192" maxThreads="15" minSpareThreads="3" maxSpareThreads="8" enableLookups="true" disableUploadTimeout="true" connectionTimeout="900000" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" keystoreType="pkcs12" keystoreFile="keystore" keystorePass="password" SSLEnabled="true"/>
    10. Restart the web console using the following command:
      # /etc/iscan/S99IScanHttpd restart

You should be able to open the web console again and use the uploaded certificate.
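Step 9 as a script, given here as an added example that is not part of the original article or Trend Micro tooling. It assumes each Connector element sits on a single line as shown above; the function name set_pkcs12_keystore_type is hypothetical.

```shell
#!/bin/sh
# Added example, not Trend Micro code. Function name is hypothetical.
# Assumption: every <Connector .../> element sits on a single line, as in step 9.

set_pkcs12_keystore_type() {
    conf="$1"
    [ -f "$conf" ] || { echo "not found: $conf" >&2; return 1; }
    # Keep the first pre-change copy for rollback; never overwrite it on re-runs.
    [ -f "$conf.bak" ] || cp -p "$conf" "$conf.bak" || return 1

    for port in 8443 9091; do
        # The leading space keeps redirectPort="8443" on other connectors from matching.
        match="<Connector[^>]* port=\"$port\""
        grep -q "$match" "$conf" || { echo "no connector for port $port" >&2; return 1; }

        # Drop any existing keystoreType, then add pkcs12 in front of keystoreFile.
        sed "/$match/ {
            s/ keystoreType=\"[^\"]*\"//
            s/ keystoreFile=/ keystoreType=\"pkcs12\" keystoreFile=/
        }" "$conf" > "$conf.tmp" || return 1
        cat "$conf.tmp" > "$conf" && rm -f "$conf.tmp" || return 1   # keeps owner and mode

        # Confirm the attribute landed (fails if the line had no keystoreFile).
        grep "$match" "$conf" | grep -q 'keystoreType="pkcs12"' || {
            echo "port $port: keystoreType not set, restore $conf.bak" >&2; return 1; }
    done
}

# Run against a file only when one is given on the command line.
if [ "$#" -gt 0 ]; then
    set_pkcs12_keystore_type "$1"
fi
```

Pass it the server.xml path from step 8, then restart the web console with the command in step 10. The untouched original stays beside it as server.xml.bak.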

The second method is to change the PKCS #12 certificate to JKS format first before importing it into IWSVA:

  1. Log on to the IWSVA server as "root" via the command line.
  2. Navigate to the /usr/iwss/AdminUI/jre/bin folder.
  3. Upload your certificate (e.g. Cert.pfx or Cert.p12) to the /usr/iwss/AdminUI/jre/bin folder.
  4. Run the command below:
    ./keytool -importkeystore -srckeystore Cert.pfx -srcstoretype pkcs12 -destkeystore cert.jks -deststoretype jks
    You can also use the same command to convert Cert.p12 into cert.jks.
  5. Enter the destination and source keystore passwords. Make sure the destination and source passwords are the same.
  6. Download the generated cert.jks to the customer's local disk.
  7. Open the IWSVA web console.
  8. Go to Administration > Network Configuration > web console.
  9. Choose SSL mode.
  10. Upload the generated cert.jks file.
  11. Set the password.
  12. Click Save.
  13. Wait for a few minutes for the new settings to take effect.
  14. Log on to the web console.

The certificate should now be replaced successfully.

Category: Configure
Solution Id: 1115018