Applying signed certificate for EUQ load balancer in InterScan Messaging Security Virtual Appliance (IMSVA) 9.1

    • Updated: 22 Aug 2017
    • Product/Version: InterScan Messaging Security Virtual Appliance 9.1
    • Platform: Bare Metal N/A; CentOS 5.6 64-bit; VMware ESX - 5.0
Summary

After following page 13-16 of the IMSVA Administrator's Guide to create a CSR and import the signed certificate, you will only have the option to assign the certificate to the EUQ console.

In a parent-child setup, you use port 8446 (the EUQ load balancer) to access the EUQ console, and you will see that it still uses the default certificate. To fix this issue, convert the EUQ console certificate to JKS format and manually replace the default EUQ load balancer certificate.

Details

Follow these steps:

  1. Log on to the Parent IMSVA as "root" using PuTTY or a similar tool.
  2. Copy the signed certificate and the private key to the /tmp folder.

    cp /opt/trend/imss/UI/apache/conf/ssl.key/euq.server.key /tmp/euq.server.key
    cp /opt/trend/imss/UI/apache/conf/ssl.crt/euq.server.crt /tmp/euq.server.crt

  3. Convert the wildcard certificate to PKCS12 format.

    /opt/trend/imss/bin/openssl pkcs12 -export -out /tmp/euq.server.p12 -inkey /tmp/euq.server.key -in /tmp/euq.server.crt

  4. Check the alias shown on the pkcs12 certificate. It will be used when importing the certificate and private key to the keystore.

    keytool -list -keystore /tmp/euq.server.p12 -storetype pkcs12

     
     To be able to run keytool, first change to the directory /opt/trend/imss/UI/javaJRE/bin.
  5. Import the certificate to keystore.

    keytool -importkeystore -srckeystore /tmp/euq.server.p12 -srcstoretype pkcs12 -srcalias 1 -destkeystore /tmp/keystore -deststoretype jks -destalias tomcat

  6. Copy the keystore to the tomcat directory.

    cp /tmp/keystore /opt/trend/imss/UI/tomcat/sslkey/keystore

  7. Edit /opt/trend/imss/UI/euqUI/conf/server.xml and add keystorePass="trendimsva" to the settings for port 8446. Search the file for 8446 to find them.

    vi /opt/trend/imss/UI/euqUI/conf/server.xml

  8. Make sure that it uses the keystore that you created. The keystoreFile and keystorePass attributes should read as in the last line below.

    maxThreads="150" minSpareThreads="25"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="sslkey/keystore" keystorePass="trendimsva"

  9. Press 'Esc' and type :wq! to save the changes and exit.
  10. Copy the signed certificate and keystore from Parent IMSVA to Child IMSVA. Below are the locations of the certificate and the keystore:

    /opt/trend/imss/UI/apache/conf/ssl.key/euq.server.key
    /opt/trend/imss/UI/apache/conf/ssl.crt/euq.server.crt
    /opt/trend/imss/UI/tomcat/sslkey/keystore

  11. After copying those files to the Child, restart the EUQ service on both Parent and Child. Use the following command:

    S99EUQ restart

  12. Log on to the EUQ console at port 8446 to verify that it's using the signed certificate.
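
The check in step 12 can also be done from a shell by comparing the SHA-256 fingerprint of the signed certificate with the one presented on port 8446. This script is an added example, not Trend Micro code; the function names, the `OPENSSL` variable and the host name in the usage comment are assumptions.

```shell
#!/bin/bash
# Added example, not Trend Micro code. OPENSSL may point at the appliance's own
# binary (/opt/trend/imss/bin/openssl, the one used in step 3).
OPENSSL="${OPENSSL:-openssl}"

# Reduce a fingerprint line to bare lowercase hex, so openssl output
# ("SHA256 Fingerprint=AA:BB") and keytool output
# ("Certificate fingerprint (SHA-256): AA:BB") compare equal.
norm_fp() {
    printf '%s\n' "$1" | awk -F'[= ]' '{print $NF}' | tr -d ':\r' | tr 'A-F' 'a-f'
}

# Return 0 only when both fingerprints are non-empty and identical.
fp_match() {
    fp_a=$(norm_fp "$1"); fp_b=$(norm_fp "$2")
    [ -n "$fp_a" ] && [ "$fp_a" = "$fp_b" ]
}

# SHA-256 fingerprint of a PEM certificate file.
file_fp() {
    "$OPENSSL" x509 -in "$1" -noout -fingerprint -sha256
}

# SHA-256 fingerprint of the leaf certificate a TLS listener presents.
served_fp() {
    "$OPENSSL" s_client -connect "$1:$2" </dev/null 2>/dev/null |
        "$OPENSSL" x509 -noout -fingerprint -sha256 2>/dev/null
}

# Compare the signed certificate on disk with what host:port serves.
check_served() {
    want=$(file_fp "$1") || { echo "cannot read $1" >&2; return 2; }
    got=$(served_fp "$2" "$3")
    if fp_match "$want" "$got"; then
        echo "OK: $2:$3 serves $1"
    else
        echo "MISMATCH: $2:$3 does not serve $1 (default certificate still active?)" >&2
        return 1
    fi
}

# Usage (host name is a placeholder), once for Parent and once for Child:
#   check_served /tmp/euq.server.crt imsva-parent.example 8446
```

Because `norm_fp` also accepts keytool's fingerprint line, `fp_match` can compare the `tomcat` entry in the keystore against the same certificate file.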
Category: Troubleshoot; Deploy; Install
Solution Id: 1116644