How do I create a Server Certificate Key Pair in VigilEnt Policy Center? (NETIQKB30353)

  • 7730353
  • 02-Feb-2007
  • 07-Jan-2008

Resolution

goal
How do I create a Server Certificate Key Pair in VigilEnt Policy Center?

fact
VigilEnt Policy Center 2.1

fact
VigilEnt Policy Center 2.1 SP2

fact
VigilEnt Policy Center 2.1 SP3

fact
VigilEnt Policy Center 2.1 SP4

fact
VigilEnt Policy Center 2.1 SP6

fix

Perform the following steps to replace the demo server certificate with a server certificate that is issued by a CA (certificate authority).

  1. Create a server certificate key pair.

  2. Because a certificate is more likely to be trusted if it is signed by a CA, create a Certificate Signing Request (CSR).

  3. Import a certificate from the CA.

Note:  After adding or deleting a digital certificate, the shortcut from the Start menu will no longer work and a new shortcut must be created.


To create a Server Certificate Key pair, follow these steps:

  1. Access the following directory:

    VigilEnt Policy Center\server\conf\

  2. Click keystore.dat, and then click the Delete icon. A verification message is displayed.

  3. Click Yes and the demo server certificate is removed.

  4. At a command or shell prompt, change to the install_folder\bin directory.

  5. Type the following:

    ssikey create

    The system prompts for the server name (first name, last name), organizational unit (for example, "IT," "Sales," or "R&D"), organization name (for example, your company name), city, state, and two-letter country code.

  6. Enter the appropriate information, all in lowercase, after each prompt.


When prompted for a first and last name, enter the fully-qualified name of the Web site that is to be secured. If the console is running on the host where the Admin Agent and Local Agent are installed, use localhost as the fully-qualified name.

The system displays a message confirming that a 1024-bit RSA key pair and self-signed certificate (MD5 with RSA) were generated.

Caution: Do not use commas in any of the prompts. Some of the trusted Certificate Authorities have problems with values that contain commas.
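A pre-flight check for the answers to the ssikey create prompts, as an added example that is not part of the original article or of the product. The field names and sample values are assumptions made for the illustration. The last function shows how an unescaped comma splits the string form of a distinguished name, where the comma is the separator (RFC 4514); the article itself does not state the cause of the CA problems.

```python
import re

# Prompt order described in step 5; the short keys are names chosen for this example.
FIELDS = ("name", "org_unit", "organization", "city", "state", "country")
# One DNS label per RFC 1123: letters, digits, inner hyphens, at most 63 chars.
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

def is_hostname(value):
    """True for 'localhost' or a dotted fully-qualified name made of valid labels."""
    if value == "localhost":
        return True
    labels = value.split(".")
    return len(value) <= 253 and len(labels) >= 2 and all(LABEL.match(l) for l in labels)

def check_answers(answers):
    """Return a list of problems found in the answers planned for the prompts."""
    problems = []
    for field in FIELDS:
        value = answers.get(field, "")
        if not value.strip():
            problems.append(f"{field}: empty")
            continue
        if "," in value:
            problems.append(f"{field}: contains a comma")
        if value != value.lower():
            problems.append(f"{field}: not all lowercase")
    name = answers.get("name", "")
    if name and not is_hostname(name.lower()):
        problems.append("name: not localhost or a fully-qualified host name")
    country = answers.get("country", "")
    if country and not re.fullmatch(r"[A-Za-z]{2}", country):
        problems.append("country: not a two-letter code")
    return problems

def naive_dn_split(dn):
    """Split a DN string on commas, as a parser that ignores escaping would."""
    return [part.strip() for part in dn.split(",")]

# Constructed sample answers, not taken from a real deployment.
GOOD = {"name": "vpc.example.com", "org_unit": "it", "organization": "example corp",
        "city": "houston", "state": "texas", "country": "us"}
BAD = dict(GOOD, name="Policy Server", organization="Example, Inc.", country="usa")

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("bad", BAD)):
        print(label, check_answers(sample) or "ok")
    print(naive_dn_split("CN=vpc.example.com,O=Example, Inc.,C=US"))
```
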

note

For information about how to create a Certificate Signing Request, refer to the following knowledge base article.

https://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB30349

For information about how to import a certificate from the CA, refer to the following knowledge base article.

https://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB30390

Additional Information

Formerly known as NETIQKB30353