by Josh Kee
Keytool.exe location
- Windows:
  - 14.x and 15.0: <DRIVE>:\SymantecDLP\jre\bin
  - 15.1: <DRIVE>:\Program Files\Symantec\Data Loss Prevention\Server JRE\1.8.0_162\bin\
  - 15.5: <DRIVE>:\Program Files\Symantec\DataLossPrevention\ServerJRE\1.8.0_181\bin\
- Linux:
  - 14.x and 15.0: /opt/SymantecDLP/jre/bin/
  - 15.1: /opt/Symantec/DataLossPrevention/Enforce Server/15.1/jre/bin/
  - 15.5: /opt/Symantec/DataLossPrevention/ServerJRE/1.8.0_181/bin
Note: On Linux, execute ./keytool
.keystore location
- Windows:
  - 14.x and 15.0: <DRIVE>:\SymantecDLP\Protect\tomcat\conf\
  - 15.1: <DRIVE>:\Program Files\Symantec\Data Loss Prevention\Enforce Server\15.1\Protect\tomcat\conf\
  - 15.5: <DRIVE>:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.5\Protect\tomcat\conf\
- Linux:
  - 14.x and 15.0: /opt/SymantecDLP/Protect/tomcat/conf
  - 15.1: /opt/Symantec/DataLossPrevention/Enforce Server/Protect/tomcat/conf
  - 15.5: /opt/Symantec/DataLossPrevention/EnforceServer/Protect/tomcat/conf
Notes:
- In Linux, all commands must be executed as root.
- In Windows, all commands need to be executed via CLI with Admin access.
- Command to see the hidden “.keystore” file: ls -la
- As per the DLP Admin Guide (p. 151 in the 15.7 version), the Tomcat store uses an X.509 certificate, which must be provided in Distinguished Encoding Rules (DER) format, that is, a .cer file.
- The instructions below involve chained certs, where the Root or Intermediate CAs are required, i.e., "the Signed" certificate. A .p7b file is used in that case; otherwise, the cert is unsigned, and one would simply import the .cer file.
Resolution
- Back up existing keystore.
  - Windows command:
    copy <14.x/15.0/15.1/15.5 file path>\.keystore <14.x/15.0/15.1/15.5 file path>\keystore.bkup
    - 14.x and 15.0: C:\Protect\tomcat\conf
    - 15.1: C:\Program Files\Symantec\Data Loss Prevention\Enforce Server\15.1\Protect\tomcat\conf
    - 15.5: C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.5\Protect\tomcat\conf
  - Linux command:
    cp <14.x\15.0\15.1\15.5 file path>/.keystore <14.x\15.0\15.1\15.5 file path>/keystore.bkup
    - 14.x and 15.0: /opt/SymantecDLP/protect/tomcat/conf
    - 15.1: /opt/Symantec/DataLossPrevention/Enforce Server/15.1/Protect/tomcat/conf
    - 15.5: /opt/Symantec/DataLossPrevention/EnforceServer/15.5/Protect/tomcat/conf
- Generate a new keystore file with the required parameters, and register the certificate.
  - Windows command:
    <14.x\15.0\15.1\15.5 file path>\keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -keystore \SymantecDLP\jre\bin\.keystore -validity 365 -storepass protect -dname "CN=SERVERNAME, OU=DLP, O=SYMANTEC, L=Cupertino, ST=California, C=US"
    - 14.x and 15.0 keytool path: C:\SymantecDLP\jre\bin
    - 15.1 keytool path: C:\Program Files\Symantec\Data Loss Prevention\Enforce Server\15.1\jre\bin
    - 15.5 keytool path: C:\Program Files\Symantec\DataLossPrevention\ServerJRE\1.8.0_181\bin
    14.x and 15.0 .keystore path
- Generate a CSR file
  \SymantecDLP\jre\bin\keytool -certreq -alias tomcat -keyalg RSA -keystore .keystore -storepass protect -file "VontuEnforce.csr"
- Send VontuEnforce.csr to CA admin, so they can generate a chained cert file in the current format.
- Copy the VontuEnforce.p7b chained cert file to \SymantecDLP\jre\bin\.
- Import the chained certificate.
  \SymantecDLP\jre\bin\keytool -import -alias tomcat -keystore \SymantecDLP\jre\bin\.keystore -trustcacerts -file \SymantecDLP\jre\bin\VontuEnforce.p7b
  - Enter the keystore password.
  - Top-level certificate in reply:
    Owner: XXXXXX
    Issuer: XXXXXX
    Serial number: XXXXXX
    Valid from: XXXXXX until: XXXXXX
    Certificate fingerprints:
    MD5: **Deleted**
    SHA1: **Deleted**
    … is not trusted. Install reply anyway? [no]:
  - Type Y or YES and press ENTER.
  - Certificate reply was installed in keystore.
- Copy the .keystore file from the source to its final destination.
  copy \SymantecDLP\jre\bin\.keystore \Protect\tomcat\conf\.keystore
- Restart the Vontu Manager (14.x and 15.0) or Symantec DLP Manager (15.1 and 15.5) service.
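A check worth running after the import step and before the restart, as an added example that is not part of the original article: it reads the output of `keytool -list -v -alias tomcat` and confirms the entry still holds the private key, carries the CA chain, and is no longer self-signed. The function and sample names and the "Example Internal CA" listings are constructed for illustration, and English-language keytool output is assumed.

```shell
#!/bin/sh
# Added example (not from the original article): check the "tomcat" keystore
# entry after the chained-certificate import. Feed it the output of:
#   ./keytool -list -v -alias tomcat -keystore <conf path>/.keystore
check_tomcat_entry() {
    awk '
        /^Entry type:/               { sub(/^Entry type:[ \t]*/, ""); etype = $0 }
        /^Certificate chain length:/ { chain = $NF + 0 }
        /^Certificate\[1\]:/         { leaf = 1; next }   # server certificate
        /^Certificate\[[0-9]+\]:/    { leaf = 0 }         # CA certificates
        leaf && /^Owner:/            { sub(/^Owner:[ \t]*/, "");  owner = $0 }
        leaf && /^Issuer:/           { sub(/^Issuer:[ \t]*/, ""); issuer = $0 }
        END {
            # trustedCertEntry means the reply was stored without the private key.
            if (etype != "PrivateKeyEntry") { print "FAIL: entry type " etype; exit 1 }
            if (chain < 2) { print "FAIL: chain length " chain; exit 1 }
            if (owner == issuer) { print "FAIL: certificate is self-signed"; exit 1 }
            print "OK: chain length " chain ", issued by " issuer
        }'
}
# Constructed sample listings (not real certificates).
sample_signed() {
cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=SERVERNAME, OU=DLP, O=SYMANTEC, L=Cupertino, ST=California, C=US
Issuer: CN=Example Internal CA
Certificate[2]:
Owner: CN=Example Internal CA
Issuer: CN=Example Internal CA
EOF
}
sample_selfsigned() {
cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=SERVERNAME, OU=DLP
Issuer: CN=SERVERNAME, OU=DLP
EOF
}
sample_signed | check_tomcat_entry
sample_selfsigned | check_tomcat_entry || echo "(expected failure: self-signed sample)"
```

A failing check at this point means Tomcat would start with the self-signed certificate or without a usable key, so restore keystore.bkup or repeat the import before restarting the service.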
NOTE:
If you change the keystore password from the default, 'protect', when generating a new keystore, you must update the password values in the following two files:
- <InstallPath>\Symantec\DataLossPrevention\EnforceServer\15.5\Protect\tomcat\conf\server.xml
  <Certificate certificateKeystoreFile="${catalina.base}/conf/.keystore" certificateKeystorePassword="protect"/>
- <InstallPath>\Symantec\DataLossPrevention\EnforceServer\15.5\Protect\config\Protect.properties
  # keystore password
  com.vontu.manager.tomcat.keystore.password = protect