Symptom:
The Forcepoint Security Manager shows a certificate warning when trying to access it
Cause:
This is caused by the fact that the default installation of the FSM uses a self-signed certificate for the management portal which is not trusted by the users.
Solution:
Please do the following create a CSR and apply a domain certificate to the management server:
- Connect to the Forcepoint Security Manager server via RDP
- Open the command line (Start > run > cmd) and navigate to the following path:
Run the following commands to generate a strong key and corresponding CSR:
Substitute the appropriate path for the default path shown in the example, and provide the following information when prompted:Fill in all the required details for the CSR
Open the server.csr file created in step 3 & 4, copy the certificate request section
Go to your domain CA requests website (usually https://ca-name/certsrv)
Pick Request Certificate > Advanced Certificate Request and paste the request in the correct field.
Pick a Web Server certificate template according to your organization's policy
Under attributes, you can add the Subject Alternative Names for your request, allowing the certificate to validate more then just the CN:
your final request should look similar to this:
Click submit and download the DER certificate format
Rename the file to server.cer and transfer the certificate back to the server to the same folder as your key, e.g
At this point, you should have 3 files in the bin folder: server.key, server.csr & server.cer
Use the following command to strip the key from its encryption:
Convert the DER certificate to PEM:
Transfer both the server.pem & server-nocrypt.key to the following folder:
Rename the existing certificate and key files to .old:
- Rename your new files to the correct file names:
Restart the Forcepoint web management services (Websense TRITON Web Server & Websense TRITON Unified Security Center):
Access the web management URL via the CN or one of the configured SAN and make sure the certificate is no longer invalid:
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article