000031560 - DLP How to renew Enterprise Manager self-signed certificate

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3

Article Content

Article Number: 000031560
Applies To: RSA Product Set: DLP
RSA Product/Service Type: Data Loss Prevention Enterprise Manager
RSA Version/Condition: 9.6, 9.6 SP1, 9.6 SP2

Platform: Windows
Platform (Other): Java/JRE 7
O/S Version: 2003 SP2, 2008 R2

Issue: The Enterprise Manager self-signed certificate had expired. Certificate maintenance requires manual steps to renew the self-signed certificate on Enterprise Manager.
Tasks 
 
Resolution
The instructions below assume the following paths and values:

  • {Install Dir} is the path to Enterprise Manager (e.g. C:\Program Files (x86)\)
  • {Path of Java} is the path where Java is installed (e.g. C:\Program Files (x86)\RSA\JRE\ or C:\Program Files\Java\jre1.7.0_25\)
  • The keystore password and key password are both tablusem, as set by <Set name="password"> and <Set name="keyPassword"> respectively in the configuration file tem-jetty.xml on the Enterprise Manager machine, located in the etc directory (e.g. C:\Program Files (x86)\Enterprise Manager\etc\).
  1. Back up the keystore
To safeguard the last-known working version of the Enterprise Manager keystore, it is important to back it up before renewing or generating certificates. The keystore file is normally located in the C:\Program Files (x86)\RSA\Enterprise Manager\etc directory.
Open a command prompt and go to {Install Dir}\Enterprise Manager\etc, then type:

copy /v tem-keystore tem-keystore.backup

  2. Stop Enterprise Manager service
At the command prompt, type:

sc stop RSAEnterpriseManager

  3. Delete the old certificate
At the command prompt, still in the etc directory, type (the quotes are needed when the Java path contains spaces):

"{Path of Java}\bin\keytool" -delete -alias jetty -keystore tem-keystore -storepass tablusem

  4. Create and install the self-signed certificate
At the command prompt, type the following, replacing host-dns with the DNS name of the Enterprise Manager host and days with the number of days the new certificate should be valid:

"{Path of Java}\bin\keytool" -genkey -keyalg RSA -alias jetty -dname "CN=host-dns" -validity days -keystore tem-keystore -storepass tablusem -keypass tablusem

  5. Start Enterprise Manager service
At the command prompt, type:

sc start RSAEnterpriseManager

  6. Test the certificate
Use a web browser to connect to Enterprise Manager as you normally would using the HTTPS address of the Enterprise Manager host machine.
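
To confirm the renewal in step 6 beyond the browser check, the following PowerShell script (an added example, not part of the original article or of RSA tooling) connects to the Enterprise Manager HTTPS listener and reports the subject, validity dates and thumbprint of the certificate actually being served. The -Port default and the -WarnDays threshold are assumptions; set them for your installation.

```powershell
# Added example (not RSA code): inspect the certificate Enterprise Manager serves.
param(
    [Parameter(Mandatory = $true)][string]$HostName,  # the name used for CN=host-dns
    [int]$Port = 443,       # assumption: set to the HTTPS port your install uses
    [int]$WarnDays = 30     # assumption: warn when fewer days than this remain
)

function Get-ServedCertificate {
    param([string]$HostName, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $stream = $client.GetStream()
        # A self-signed certificate never chains to a trusted root, so chain
        # validation is skipped here. The script only reads the certificate and
        # sends no application data over the connection.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream -ArgumentList $stream, $false, $acceptAny
        try {
            $ssl.AuthenticateAsClient($HostName)
            # Copy the certificate so it stays usable after the stream closes.
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
        } finally { $ssl.Close() }
    } finally { $client.Close() }
}

$cert = Get-ServedCertificate -HostName $HostName -Port $Port
$now = Get-Date
$daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)

"Subject     : $($cert.Subject)"
"Issuer      : $($cert.Issuer)"
"Valid from  : $($cert.NotBefore)"
"Valid until : $($cert.NotAfter) ($daysLeft days left)"
"Thumbprint  : $($cert.Thumbprint)"

# The renewed certificate is self-signed, so subject and issuer should be equal.
if ($cert.Subject -ne $cert.Issuer) { Write-Warning "Issuer differs from subject: not a self-signed certificate." }
# The CN should be the host name that clients use to reach Enterprise Manager.
$cnPattern = '(^|,\s*)CN=' + [regex]::Escape($HostName) + '(,|$)'
if ($cert.Subject -notmatch $cnPattern) { Write-Warning "Subject CN does not match $HostName." }
# An expired or not-yet-valid certificate means the service is not using the new entry.
if ($now -gt $cert.NotAfter -or $now -lt $cert.NotBefore) {
    Write-Warning "Certificate is outside its validity period; check that the service was restarted."
    exit 2
}
if ($daysLeft -lt $WarnDays) { Write-Warning "Certificate expires in $daysLeft days."; exit 1 }
```

The thumbprint printed here should equal the SHA1 fingerprint (without the colons) that keytool -list -v -alias jetty -keystore tem-keystore reports for the new entry.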

 
