How to generate an organization certificate

Modified on Tue, 21 Jun 2022 at 08:20 PM

During the installation, the DLP API created its own self-signed certificate.

in most of the implementations, this will not be kept and will be replaced with the customer's CA-signed certificate, to allow trust in the server from other PCs or servers in the organization

To replace the original certificate with a CA-Signed one :

Ask for the customer to create a certificate in certificate request format (CSR)
Ask for the customer to sign this certificate with the organization's CA
Ask for this certificate to be exported in cer+key format
If for some reason the format needs conversion then perform the following steps in OpenSSL :
1. openssl pkcs12 -in <full path of the pfx file> -nocerts -out certificate_temp.key
2. openssl rsa -in certificate_temp.key -out certificate.key
3. delete the certificate_temp.key file
4. copy the certificate.key to the <OPSWAT Installation Directory>/nginx
5. open cmd, navigate to the openssl installation folder and run the following command:
6. openssl pkcs12 -in<full path of the pfx file> -clcerts -nokeys -out certificate.crt
7. copy the certificate.cert to the destination on server
After the certificate is ready in the wanted format we must name the files : dlpapi.crt and dlpapi.key
On the DSI server navigate to the following directory: "[Drive:]\Program Files (x86)\Bulwarx\DLP Api\cert"
Change the existing files
1. From : dlpapi.crt and dlpapi.key
2. To : dlpapi.crt.old and dlpapi.key.old
Copy over the files dlpapi.crt and dlpapi.key that we created to the directory : "[Drive:]\Program Files (x86)\Bulwarx\DLP Api\cert"
Open Services.msc -> Standard -> restart [Bulwarx DLP Api] service
Open the website to confirm proper function, URL will be: https://servername.domain:8081 Do not try to surf to localhost as this will result in certificate error!
Send a file to be Scanned to test the proper function of the system
Check for proper certificate and that there are no errors.