
How to create and install a new server certificate in TRITON or Forcepoint Infrastructure using OpenSSL

000007056
Outlines the steps to create and install a new server certificate.

Please contact the Technical Escalations Group in Support to get instructions for that version.

Creating and installing a certificate for version 8.0.0 resulted in the Infrastructure and Data Security Web Server services not being able to start after certificate installation with Error 1067: The process terminated unexpectedly.

For version 8.0.0, follow the Internal steps in this knowledge article, then perform the following steps afterwards. (Note that these instructions introduce a potential security risk, because the server private key is left without a password; the customer should be made aware of this before proceeding.)

Remove the password from the server private key (httpd-server.key): 

openssl rsa -in httpd-server.key -out httpd-server.key.raw 
copy httpd-server.key httpd-server.withpass 
ren httpd-server.key httpd-server.key.bak 
ren httpd-server.key.raw httpd-server.key

Comment out SSLPassPhraseDialog in HTTPD's SSL configuration file (C:\Program Files (x86)\Websense\Web Security\apache\conf\extra\httpd-ssl.conf).
Restart EIP's web server.

The issue is the result of difficulties reading a key with a password. It is resolved in v8.0.1 by following the procedure in the above article.
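
A check for the end state of the 8.0.0 workaround above, to run before restarting the web server: it confirms that httpd-server.key no longer carries a passphrase and that SSLPassPhraseDialog is no longer an active directive. This is an added example, not part of the original article or the vendor's tooling; the function names and the sample key and configuration text are constructed for illustration.

```python
import re

# Constructed sample inputs, not taken from the original article.
ENCRYPTED_KEY = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00000000000000000000000000000000

(base64 body omitted)
-----END RSA PRIVATE KEY-----
"""
PLAIN_KEY = """-----BEGIN RSA PRIVATE KEY-----
(base64 body omitted)
-----END RSA PRIVATE KEY-----
"""
CONF_ACTIVE = "SSLEngine on\nSSLPassPhraseDialog builtin\n"
CONF_COMMENTED = "SSLEngine on\n  #SSLPassPhraseDialog builtin\n"


def key_is_encrypted(pem_text):
    """Return True if the PEM private key is passphrase-protected."""
    m = re.search(r"-----BEGIN ([A-Z ]*)PRIVATE KEY-----", pem_text)
    if not m:
        raise ValueError("no PEM private key block found")
    if m.group(1).strip() == "ENCRYPTED":  # PKCS#8 encrypted form
        return True
    # The traditional form marks encryption in a header inside the block.
    return re.search(r"^Proc-Type:\s*4,ENCRYPTED", pem_text, re.M) is not None


def active_passphrase_dialog(conf_text):
    """Return the active (uncommented) SSLPassPhraseDialog lines."""
    # Apache directive names are case-insensitive; '#' starts a comment line.
    return [ln.strip() for ln in conf_text.splitlines()
            if re.match(r"\s*SSLPassPhraseDialog\b", ln, re.I)]


def precheck(pem_text, conf_text):
    """List problems to fix before restarting the web server."""
    problems = []
    if key_is_encrypted(pem_text):
        problems.append("httpd-server.key is still passphrase-protected")
    if active_passphrase_dialog(conf_text):
        problems.append("SSLPassPhraseDialog is still active in httpd-ssl.conf")
    return problems


if __name__ == "__main__":
    print(precheck(ENCRYPTED_KEY, CONF_ACTIVE))
```

To check a real installation, pass the text of httpd-server.key and httpd-ssl.conf to precheck(); an empty list means both steps took effect.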


Reviewed by Lee Kahler 10-AUG-2015 - no changes needed.
Reviewed by Daniel Santiago 10/21/2015 - added note to step 5 on how to correctly use the -config switch for the openssl executable and showcased the commands by using the "code" button on the editor to avoid confusion as the previous edit used bullet points and when copy pasting if you weren't careful it could make it into the command itself
Reviewed by Luke Newton 10/21/2015 - No changes needed, changes were made already.
Reviewed by Daniel Santiago 11/26/2015 - moved internal information to internal section, added/highlighted warnings
Reviewed by Tommy Chew 2015-12-22 - no changes required 
Reviewed by Daniel Santiago 09/29/2016 -  added additional notes to notes section for possible hurdles while following KB
Reviewed by Daniel Santiago 12/13/2016 - added step 7 when installing as a reminder of where the resulting files should reside. and also edited step 8 of creation tip for generating a stronger cert as well
Reviewed by Daniel Santiago 04/19/2017 - added explanation for BLS.exe's purpose and amended installation instructions to include why the files need to be named a specific way and how to deal with unencrypted keys.
Reviewed by Daniel Santiago 06/13/2017 - clearly marked CSR and INSTALL sections as Customers keep unnecessarily making CSRs for certs that are already signed
Reviewed By Cynthiya Razeen  26/10/2017 - case 03558986  - having special characters while setting the password caused an issue, please avoid special characters 
1/4/19 -- Added v8.5 following engineering review. LCP
31/05/24 fixed broken link, added topics