How to generate an organization certificate

Modified on Tue, 21 Jun, 2022 at 8:20 PM

During the installation, the DLP API created its own self-signed certificate.

in most of the implementations, this will not be kept and will be replaced with the customer's CA-signed certificate, to allow trust in the server from other PCs or servers in the organization 

To replace the original certificate with a CA-Signed one : 

  1. Ask for the customer to create a certificate in certificate request format (CSR) 
  2. Ask for the customer to sign this certificate with the organization's CA
  3. Ask for this certificate to be exported in cer+key format
  4. If for some reason the format needs conversion then perform the following steps in OpenSSL : 
    1. openssl pkcs12 -in <full path of the pfx file> -nocerts -out certificate_temp.key
    2. openssl rsa -in certificate_temp.key -out certificate.key
    3.  delete the certificate_temp.key file
    4. copy the certificate.key to the <OPSWAT Installation Directory>/nginx
    5. open cmd, navigate to the openssl installation folder and run the following command: 
    6. openssl pkcs12 -in<full path of the pfx file> -clcerts -nokeys -out certificate.crt    
    7. copy the certificate.cert to the destination on server
  5. After the certificate is ready in the wanted format we must name the files : dlpapi.crt and dlpapi.key
  6. On the DSI server navigate to the following directory: "[Drive:]\Program Files (x86)\Bulwarx\DLP Api\cert"
  7. Change the existing files 
    1. From : dlpapi.crt and dlpapi.key 
    2. To : dlpapi.crt.old and dlpapi.key.old
  8. Copy over the files dlpapi.crt and dlpapi.key that we created to the directory :  "[Drive:]\Program Files (x86)\Bulwarx\DLP Api\cert"
  9. Open Services.msc -> Standard -> restart [Bulwarx DLP Api] service
  10. Open the website to confirm proper function, URL will be: https://servername.domain:8081  Do not try to surf to localhost as this will result in certificate error!
  11. Send a file to be Scanned to test the proper function of the system
  12. Check for proper certificate and that there are no errors.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article