Issue:
How can I replace the default self-signed Policy Manager certificate with a certificate issued by a trusted certificate authority (CA)?
Resolution:
Assume that you have:
- A CA-signed (or self-signed) certificate, with the full chain of intermediate CAs, and its private key inside a PKCS12 keystore.
- The keystore is protected with the password "srcpassword".
- Your certificate and the private key are referenced by name (alias) "server".
- The Keystore file is "server.p12" and it is located in the same directory as "fspms.jks".
Steps to replace the default Policy Manager certificate:
- Launch an elevated command prompt.
- Change to the directory where "fspms.jks" is located and import the new trusted certificate using the following commands:
  - Policy Manager 15.x:
    - cd "C:\Program Files (x86)\F-Secure\Management Server 5\data"
    - "C:\Program Files (x86)\F-Secure\Management Server 5\jre\bin\keytool" -importkeystore -destkeystore fspms.jks -deststorepass superPASSWORD -destalias fspms -destkeypass superPASSWORD -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass srcpassword -srcalias server
  - Policy Manager 16.x:
    - cd "C:\ProgramData\WithSecure\NS\Policy Manager\Policy Manager Server\data"
    - "C:\Program Files\WithSecure\Policy Manager\jre\bin\keytool" -importkeystore -destkeystore fspms.jks -deststorepass superPASSWORD -destalias fspms -destkeypass superPASSWORD -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass srcpassword -srcalias server
- You are replacing the certificate in "fspms.jks", so the following message will appear:
  - Existing entry alias server exists, overwrite? [no]:
- Type "yes" and press Enter.
- Restart the Policy Manager server to start using the new certificate. Run the following commands in a Command Prompt:
  - Policy Manager 15: net stop fsms and net start fsms
  - Policy Manager 16: net stop wspms and net start wspms
NOTE: When you run the importkeystore command, pay attention to "-destkeypass": it must be the same as "-deststorepass". If "-destkeypass" is missing or incorrect, the command can still complete successfully, but problems may occur when the Policy Manager server starts.
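The Policy Manager 16.x procedure above as a PowerShell script, extended with a keystore backup and a check that the imported entry matches the source; this is an added example, not vendor code. The paths, aliases, placeholder passwords and service name are the article's; the -noprompt option (which replaces the interactive "yes"), the keytool -list -v checks and the English-output switch are additions, and the script assumes it runs from an elevated PowerShell console.

```powershell
# Added example (not vendor code). Paths and service name are the Policy Manager 16.x ones above.
$dataDir   = 'C:\ProgramData\WithSecure\NS\Policy Manager\Policy Manager Server\data'
$keytool   = 'C:\Program Files\WithSecure\Policy Manager\jre\bin\keytool.exe'
$storePass = 'superPASSWORD'         # article placeholder; reused for -destkeypass (see NOTE)
$srcPass   = 'srcpassword'           # article placeholder
$en        = '-J-Duser.language=en'  # English keytool output so the text matches below work

# Return the "keytool -list -v" text for one alias, or fail if it is not a private key entry.
function Get-KeyEntry([string]$Store, [string]$Pass, [string]$Alias, [string[]]$Extra = @()) {
    $text = & $keytool $en -list -v -keystore $Store -storepass $Pass -alias $Alias @Extra | Out-String
    if ($LASTEXITCODE -ne 0 -or $text -notmatch 'Entry type: PrivateKeyEntry') {
        throw "'$Alias' in $Store is not a readable private key entry."
    }
    $text
}
# The first SHA-256 fingerprint in the listing belongs to the leaf (server) certificate.
function Get-LeafFingerprint([string]$Text) {
    if ($Text -match 'SHA-?256:\s*([0-9A-Fa-f:]+)') { $Matches[1].ToUpper() }
    else { throw 'No SHA-256 fingerprint found.' }
}

Set-Location $dataDir -ErrorAction Stop

# 1. Check the source keystore before touching fspms.jks.
$src = Get-KeyEntry 'server.p12' $srcPass 'server' @('-storetype', 'PKCS12')

# 2. Back up the current keystore so the change can be rolled back.
$backup = "fspms.jks.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
Copy-Item 'fspms.jks' $backup -ErrorAction Stop

# 3. Import. -noprompt overwrites the existing "fspms" entry without the interactive question.
& $keytool -importkeystore -noprompt -destkeystore fspms.jks -deststorepass $storePass `
    -destalias fspms -destkeypass $storePass -srckeystore server.p12 -srcstoretype PKCS12 `
    -srcstorepass $srcPass -srcalias server
if ($LASTEXITCODE -ne 0) { Copy-Item $backup 'fspms.jks' -Force; throw 'Import failed; backup restored.' }

# 4. Confirm "fspms" now holds the same leaf certificate as server.p12, and report its chain.
$dst = Get-KeyEntry 'fspms.jks' $storePass 'fspms'
if ((Get-LeafFingerprint $dst) -ne (Get-LeafFingerprint $src)) {
    Copy-Item $backup 'fspms.jks' -Force; throw 'Fingerprint mismatch; backup restored.'
}
if ($dst -match 'Certificate chain length: (\d+)') { "Chain length in fspms.jks: $($Matches[1])" }

# 5. Restart the service only after verification has passed.
net stop wspms
net start wspms
```

The .bak copy still contains the previous private key, so keep it under the same access restrictions as fspms.jks and delete it once the new certificate is confirmed working.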
Article no: 000021509