During the installation, the DLP API created its own self-signed certificate.

In most implementations, this certificate is not kept. It is replaced with a certificate signed by the customer's CA, so that other PCs and servers in the organization trust the server.


To replace the original certificate with a CA-signed one:

  1. Ask the customer to create a certificate signing request (CSR).
  2. Ask the customer to have it signed by the organization's CA.
  3. Ask for the signed certificate to be exported in cer+key format.
  4. If for some reason the format needs conversion, perform the following steps in OpenSSL:
    1. openssl pkcs12 -in <full path of the pfx file> -nocerts -out certificate_temp.key
    2. openssl rsa -in certificate_temp.key -out certificate.key
    3. Delete the certificate_temp.key file.
    4. Copy certificate.key to <OPSWAT Installation Directory>/nginx
    5. Open cmd, navigate to the OpenSSL installation folder and run the following command:
    6. openssl pkcs12 -in <full path of the pfx file> -clcerts -nokeys -out certificate.crt
    7. Copy certificate.crt to the destination on the server.
  5. Once the certificate is in the required format, name the files dlpapi.crt and dlpapi.key.
  6. On the DSI server, navigate to the following directory: "[Drive:]\Program Files (x86)\Bulwarx\DLP Api\cert"
  7. Rename the existing files:
    1. From: dlpapi.crt and dlpapi.key
    2. To: dlpapi.crt.old and dlpapi.key.old
  8. Copy the new dlpapi.crt and dlpapi.key files to the directory: "[Drive:]\Program Files (x86)\Bulwarx\DLP Api\cert"
  9. Open Services.msc -> Standard -> restart the [Bulwarx DLP Api] service.
  10. Open the website to confirm proper function. The URL will be: https://servername.domain:8081 Do not browse to localhost, as this will result in a certificate error!
  11. Send a file to be scanned to test the proper function of the system.
  12. Check that the proper certificate is presented and that there are no errors.
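
Steps 5 through 9 can be scripted with a pre-flight check that the new certificate and key actually belong together before the service is restarted. The script below is an added example, not vendor-supplied code. It assumes openssl.exe is on PATH, an elevated PowerShell prompt, and that the service's display name is "Bulwarx DLP Api" as shown in Services.msc; the parameter names are hypothetical.

```powershell
# Added example: validate the new pair, then swap it in (steps 5-9 above).
# Assumptions: openssl.exe is on PATH, the prompt is elevated, and the
# service's display name is "Bulwarx DLP Api" as shown in Services.msc.
param(
    [Parameter(Mandatory)] [string] $NewCrt,   # path to the new dlpapi.crt
    [Parameter(Mandatory)] [string] $NewKey,   # path to the new dlpapi.key
    [Parameter(Mandatory)] [string] $CertDir   # ...\Bulwarx\DLP Api\cert
)
$ErrorActionPreference = 'Stop'

# An encrypted key makes openssl prompt for a passphrase. The conversion
# steps above produce an unencrypted key, so anything else is an error.
$encrypted = 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED'
if (Select-String -Path $NewKey -Pattern $encrypted -Quiet) {
    throw "Private key is passphrase-protected: $NewKey"
}

# The certificate and key belong together only if their public keys match.
$crtPub = (& openssl x509 -in $NewCrt -noout -pubkey) -join "`n"
if ($LASTEXITCODE -ne 0) { throw "Cannot parse certificate: $NewCrt" }
$keyPub = (& openssl pkey -in $NewKey -pubout) -join "`n"
if ($LASTEXITCODE -ne 0) { throw "Cannot parse private key: $NewKey" }
if ($crtPub -ne $keyPub) { throw 'Certificate and private key do not match.' }

# -checkend 0 exits non-zero if the certificate has already expired.
& openssl x509 -in $NewCrt -noout -checkend 0 | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Certificate has expired.' }

# Show subject, issuer and validity so the operator can confirm the CA.
& openssl x509 -in $NewCrt -noout -subject -issuer -dates

# Keep the self-signed pair as *.old, then install the new pair.
# Rename-Item stops the script if a *.old backup already exists.
foreach ($name in 'dlpapi.crt', 'dlpapi.key') {
    Rename-Item -Path (Join-Path $CertDir $name) -NewName "$name.old"
}
Copy-Item -Path $NewCrt -Destination (Join-Path $CertDir 'dlpapi.crt')
Copy-Item -Path $NewKey -Destination (Join-Path $CertDir 'dlpapi.key')

Restart-Service -DisplayName 'Bulwarx DLP Api'
```

Because dlpapi.key is stored unencrypted, restrict its file permissions to administrators and the account the service runs under.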