Resolution
How do I create a Server Certificate Key Pair in VigilEnt Policy Center?
fact
VigilEnt Policy Center 2.1
fact
VigilEnt Policy Center 2.1 SP2
fact
VigilEnt Policy Center 2.1 SP3
fact
VigilEnt Policy Center 2.1 SP4
fact
VigilEnt Policy Center 2.1 SP6
fix
Perform the following steps to replace the demo server certificate with a server certificate that is issued by a CA (certificate authority).
- Create a server certificate key pair.
- Because a certificate is more likely to be trusted if it is signed by a CA, create a Certificate Signing Request (CSR).
- Import a certificate from the CA.
Note: After adding or deleting a digital certificate, the shortcut from the Start menu will no longer work and a new shortcut must be created.
To create a Server Certificate Key pair, follow these steps:
- Access the following directory:
VigilEnt Policy Center\server\conf\
- Click
keystore.dat
, and then click the Delete icon. A verification message is displayed. - Click Yes and the demo server certificate is removed.
- At a command or shell prompt, change to the
install_folder\bin
. - Type the following:
ssikey create
The system prompts for the server name (first name, last name), organizational unit (for example, ?IT,? ?Sales,? or ?R&D?), organization name (for example, your company name), city, state, and two-letter country code.
- Enter the appropriate information, all in lowercase, after each prompt.
When prompted for a first and last name, enter the fully-qualified name of the Web site that is to be secured. If the console is running on the host where the Admin Agent and Local Agent are installed, use localhost as the fully-qualified name.
The system displays a message confirming that a 1024-bit RSA key pair and self-signed certificate (MD5 with RSA) were generated.
Caution: Do not use commas in any of the prompts. Some of the trusted Certificate Authorities have problems with values that contain commas.
note
For information about how to create a Certificate Signing Request, refer to the following knowledge base article.
https://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB30349
For information about how to import a certificate from the CA, refer to the following knowledge base article.
https://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB30390