DLP How to renew Enterprise Manager self signed certifcate
Originally Published: 2015-10-21
Article Number
Applies To
RSA Product/Service Type: Data Loss Prevention, Enterprise Manager
RSA Version/Condition: 9.6, 9.6 SP1, 9.6 SP2
Platform: Windows
Platform(Other): Java/JRE 7
O/S Version: 2003 SP2, 2008 R2
Issue
Tasks
Resolution
The instruction set out below assumes the path of Enterprise Manager install directory and Java directory where:
- {Install Dir} is the path to Enterprise Manager (e.g. C:\Program Files (x86)\)
- {Path of Java} is the path where Java is installed (e.g. C:\Program Files (x86)\RSA\JRE\ or C:\Program Files\Java\jre1.7.0_25\)
- Keystore password tablusem <Set name=”password”> and <Set name=”keyPassword”> respectively as determined in configuration file named tem-jetty.xml on the Enterprise Manager machine, located in the etc directory (e.g. C:\Program Files (x86)\Enterprise Manager\etc\).
- Back up the keystore
To safeguard the last-known working version of the Enterprise Manager keystore, it is important to back it up before renewing or generating certificates. The keystore file is normally located in the C:\Program Files (x86)\RSA\Enterprise Manager\etc directory.
Open a command prompt and go to {Install Dir}\Enterprise Manager\etc, then type:
Open a command prompt and go to {Install Dir}\Enterprise Manager\etc, then type:
copy /v tem-keystore tem-keystore.backup
- Stop Enterprise Manager service
At the command prompt, type:
sc stop RSAEnterpriseManager
- Delete the old certificate
At the command prompt, type:
{Path of Java}\bin\keytool -delete -alias jetty -keystore tem-keystore -storepass tablusem
- Create and install the self signed certificate
At the command prompt, type:
{Path of Java}\bin\keytool -genkey -keyalg RSA -alias jetty -dname "CN=host-dns" -validity days -keystore tem-keystore -storepass tablusem -keypass tablusem
- Start Enterprise Manager service
At the command prompt, type:
sc start RSAEnterpriseManager
- Test the certificate
Use a web browser to connect to Enterprise Manager as you normally would using the HTTPS address of the Enterprise Manager host machine.
Related Articles
Unable to renew certificate after clicking on a link to auto-renew-certificate.xuda page in email notification Number of Views Unable to renew certificate from web enrollment server Number of Views How to renew SSL server certificates with RSA Certificate Manager Number of Views How to renew DLP Network Controller Certificate Number of Views How to renew a user certificate that is about to expire Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
