Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Changing the Deep Security Relay (DSR) Web Service to use a high security algorithm certificate

    • Updated:
    • 26 Sep 2016
    • Product/Version:
    • Deep Security 9.0
    • Deep Security 9.5
    • Deep Security 9.6
    • Platform:
    • Windows 2008 Standard 64-bit
    • Windows 7 64-Bit
Summary

When you are using Nessus network vulnerability scanner to check web applications, it detects the DSR port 4122 to have security issues like the following:

  • Weak hashing algorithm
  • RSA keys are less than 2048 bits

Existing SSL certificate

In order to meet the security criteria, you can enhance the DSR using a high security algorithm.

Details
Public

To set a high security algorithm in DSR:

  1. Generate the DSR private key and certificate request file (.CSR) using OpenSSL tool.
  2. Rename the output files to "ds_relay.key" for the private key and "ds_relay.csr" for the CSR file.
  3. Send the certificate request file (ds_relay.csr) to the third-party vendor or Domain Certificate server to generate base-64 encoded X.509 certificate file.
  4. Get the SSL certificate file (.CER) and rename it to ds_relay.pem.
  5. On the DSR machine, run the following command to disable the self-protection:

    \dsa_control -s=0

  6. Stop the following services:
    • Trend Micro Deep Security Agent
    • Trend Micro Solution Platform
  7. Back up the original ds_relay.key and ds_relay.pem files from the DSR. By default, the files are located in C:\ProgramData\Trend Micro\Deep Security Agent\relay\.
  8. Replace the existing ds_relay.key and ds_relay.pem files using the following:
    • ds_relay.key generated in Step 2
    • ds_relay.pem generated in Step 4
  9. Start the following services:
    • Trend Micro Deep Security Agent
    • Trend Micro Solution Platform
  10. Verify the component updates from Deep Security Agent to ensure it can successfully get updates from DSR.

After the procedure, the new SSL certificate is now SHA256 RSA 2048 bits:

High security algorithm

Premium
Internal
Rating:
Category:
Configure
Solution Id:
1115361
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.