000031599 - DLP How to check the certificate details of a network device

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 5

Article Content

Article Number: 000031599
Applies To:
RSA Product Set: DLP
RSA Product/Service Type: Data Loss Prevention, Network
RSA Version/Condition: 9.6, 9.6 SP1, 9.6 SP2
Platform: CentOS
O/S Version: EL6
Issue
Certificates control secure SSL communication between the DLP Network components: Network Controller, Sensors, Interceptors, and ICAP Servers.
A certificate is valid for 730 days and then expires or becomes invalid. This article explains the steps to check the certificate details of a DLP Network component for certificate expiry.
These other types of changes on a DLP Network component will also invalidate a certificate:

  • Resetting the time on any DLP Network component so that its current time shifts out of the range of the certificate start and stop dates.
  • Erasure, removal, or regeneration of the private key on any DLP Network component.
  • Resetting the Network Controller or regenerating or removing its certificates.
To avoid breaking communications among DLP Network components due to invalid certificates, you can regenerate and distribute updated certificates before they expire.
You can regenerate a certificate for a single DLP Network component, for the Network Controller, and for all deployed DLP Network components.

Refer to the DLP 9.6 maintenance guide for instructions on regenerating DLP Network component certificates.
Resolution
  1. Log on to the Network device as the tablus user.
  2. From the tabmenu, exit to the shell window by selecting option 6) Advanced.
  3. Then select option 1) Exit to Shell from the tabmenu.
  4. Type the following command to display the certificate information (e.g. creation date, expiration date, etc.):

keytool -list -v -keystore /opt/tablus/config/keystore -storepass tablus -alias jetty
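
To turn that output into an expiry check, the following added example (not part of the RSA article or product) reads the `Valid from: ... until: ...` line that `keytool -list -v` prints and reports the days remaining. The function names, the 60-day warning window, and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not RSA code): days left before the certificate printed by
# `keytool -list -v` expires. Day granularity; time of day and zone are ignored.

cert_days_left() {   # $1 = today as YYYY-MM-DD; keytool output on stdin
    awk -v today="$1" '
    function days(y, m, d,   n) {          # days since 1970-01-01 (Gregorian)
        if (m <= 2) { y--; m += 12 }
        n = 365*y + int(y/4) - int(y/100) + int(y/400)
        return n + int((153*(m-3) + 2)/5) + d - 719469
    }
    /Valid from:.* until: / {
        for (i = 1; i <= NF; i++) if ($i == "until:") break
        mon = index("JanFebMarAprMayJunJulAugSepOctNovDec", $(i+2))
        if (mon == 0) exit                 # unexpected layout: fail in END
        split(today, t, "-")
        print days($NF+0, (mon+2)/3, $(i+3)+0) - days(t[1]+0, t[2]+0, t[3]+0)
        found = 1
        exit                               # first match = first cert in chain
    }
    END { if (!found) exit 1 }'
}

cert_status() {      # $1 = today, $2 = warning window in days (default 60)
    left=$(cert_days_left "$1") || { echo "UNKNOWN"; return 0; }
    if   [ "$left" -lt 0 ];          then echo "EXPIRED ${left#-} days ago"
    elif [ "$left" -le "${2:-60}" ]; then echo "RENEW SOON: $left days left"
    else                                  echo "OK: $left days left"
    fi
}

sample_keytool_output() {   # constructed sample, trimmed to the relevant lines
    cat <<'EOF'
Alias name: jetty
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=dlp-sensor.example.test
Issuer: CN=dlp-controller.example.test
Valid from: Tue Jun 14 10:00:00 UTC 2016 until: Thu Jun 14 10:00:00 UTC 2018
EOF
}

# On the device, pipe the real command instead of the sample:
#   keytool -list -v -keystore /opt/tablus/config/keystore -storepass tablus -alias jetty | cert_status "$(date +%Y-%m-%d)"
sample_keytool_output | cert_status 2018-05-15   # prints: RENEW SOON: 30 days left
```

The constructed sample spans exactly 730 days, matching the certificate lifetime stated above.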


 
