Apr 13
Create Deep Security Manager TLS Certificate

The following steps create a TLS authentication certificate for the Deep Security Manager web console in a Windows environment.

  1. Go to the Deep Security Manager installation directory and create a new folder called Backupkeystore.
  2. Copy .keystore and configuration.properties to the newly created folder Backupkeystore.
  3. From a command prompt
    1. Open Cmd as an admin.
      1. cd /d E:\Trend_Micro\Deep_Security_Manager\jre\bin
      2. keytool -genkey -alias tomcat -keyalg RSA -dname cn=dsm.domain
    2. Certificate Signing Request (CSR)
      1. When prompted, enter a password.
  4. There is a new keystore file created under the user home directory. If you are logged in as "Administrator", you will see the .keystore file under C:\Documents and Settings\Administrator.
  5. View the newly generated certificate using the following command.
    1. E:\Trend_Micro\Deep_Security_Manager\jre\bin>keytool -list -v
  6. Run the following command to create a CSR for your CA to sign.
    1. E:\Trend_Micro\Deep_Security_Manager\jre\bin>keytool -certreq -keyalg RSA -alias tomcat -file dsm.domain.csr
  7. Send the certrequest.csr to your CA to sign. After receiving the several options, use the .cer or .crt to install the requested CA, in this case dsm_cert.crt.
  8. Copy the files to E:\Trend_Micro\Deep_Security_Manager\jre\bin\.
  9. Navigate to the E:\Trend_Micro\Deep_Security_Manager\jre\lib\security\ folder and then rename the cacerts file to _cacerts.
  10. Run the following command to import the CA cert in the Java trusted keystore.
    1. keytool -import -alias root -trustcacerts -file dsm.domain.cer -keystore "E:\Trend_Micro\Deep_Security_Manager\jre\lib\security\cacerts"
  11. Run the following command to import the CA certificate in your keystore.
    1. keytool -import -alias root -trustcacerts -file dsm.domain.cer
      1. Select YES at the warning message.
  12. Run the following command to import the certificate reply to your keystore.
    1. keytool -import -alias tomcat -file dsm.domain.cer
  13. Run the following command to view the certificate chain in your keystore.
    1. E:\Trend_Micro\Deep_Security_Manager\jre\bin>keytool -list -v
  14. Copy the .keystore file from your user home directory C:\Documents and Settings\Administrator to E:\Trend_Micro\Deep_Security_Manager\.
  15. Open the configuration.properties file in folder E:\Trend_Micro\Deep_Security_Manager using Notepad.
  16. It will look something like this:
    1. keystoreFile=C\:\\\\Program Files\\\\Trend Micro\\\\Deep Security Manager\\\\.keystore
      port=4119
      keystorePass=CHANGE THIS
      installed=true
      serviceName= Trend Micro Deep Security Manager
  17. Replace the password in the following string.
    1. keystorePass=xxxx
      where "xxxx" is the password you supplied in step five.
  18. Save and close the file.
  19. Restart the Deep Security Manager service.
  20. Connect to the Deep Security Manager with your browser and you will notice that the new SSL certificate is signed by your CA.
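
The check in step 20 can also be done from PowerShell instead of a browser. The script below is an added example, not part of the original post; it assumes the manager is reachable as dsm.domain on port 4119 (the values used in the steps above) and that the machine running it already trusts your CA.

```powershell
# Added example: host and port mirror the post (cn=dsm.domain, port=4119).
$DsmHost = 'dsm.domain'
$DsmPort = 4119

$script:PolicyErrors = $null
# Record validation errors but let the handshake finish, so the certificate
# can still be inspected when it is untrusted or the name does not match.
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($s, $certificate, $chain, $policyErrors)
    $script:PolicyErrors = $policyErrors
    $true
}

$tcp = New-Object System.Net.Sockets.TcpClient
$ssl = $null
try {
    $tcp.Connect($DsmHost, $DsmPort)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($DsmHost)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

    # Pass is True only if the name matches, the chain builds to a trusted
    # root, and the certificate is not the self-signed one from -genkey.
    [pscustomobject]@{
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        NotAfter     = $cert.NotAfter
        SelfSigned   = ($cert.Subject -eq $cert.Issuer)
        PolicyErrors = $script:PolicyErrors
        Pass         = ($script:PolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None) -and
                       ($cert.Subject -ne $cert.Issuer)
    }
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

A PolicyErrors value of RemoteCertificateChainErrors means the CA reply was not imported or the client does not trust the CA; RemoteCertificateNameMismatch means the name used to connect is not in the certificate.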
