Renewing SSL Certificates for Forcepoint Software

Summary

Commands for generating a new CSR from an expiring certificate.

Notes and Warnings

Note This command can be used to create a new CSR for any Forcepoint product.

Problem

The Forcepoint Security Manager and Content Gateway both use a Certificate Authority-signed SSL certificate.

The certificates for these products are expiring soon. How do I renew these certificates with the same previously used Certificate Authority?

Solution

You need the following items to renew Forcepoint product certificates:

The Public Certificate that is expiring.
The Private Key for the Public Certificate.
The password for the Private Key.

The following command reads the private key (private.key) and existing certificate (oldcert.pem). It generates a new certificate request (newcsr.csr) using the information in the old certificate.

openssl x509 -x509toreq -signkey private.key -out newcsr.csr -in oldcert.pem

For signing, send the new CSR to the Certificate Authority.

To import the signed certificate into your Forcepoint product, refer to Forcepoint Knowledge Base Articles.

How to create and install a new server certificate into TRITON EIP infrastructure
How to import a third-party server certificate into TRITON EIP infrastructure (For creating or importing a new certificate on a V-Series appliance.)
Creating a subordinate CA

When updating the EIP Infrastructure certificate on the Forcepoint Management Server, use the steps below.

Stop Websense TRITON Web Server service.
Backup expired or expiring certificates at \Websense\EIP Infra\apache\conf\keystore\httpd\HTTPD-SERVER.CER
Replace existing HTTPD-SERVER.CER with signed certificate from this KB
Start Websense TRITON Web Server service.

Related Articles
Forcepoint NGFW Security Management Center 6.10.x Resolved and Known Issues
Summary Resolved and known issues for Forcepoint NGFW Security Management Center (SMC) 6.10 releases. Problem This article is divided into two sections: Known Issues – Important information about known issues of high or medium rating that are ...
Converting and Installing a Corporate CA Signed PFX Server Certificate for the Forcepoint Management Infrastructure (EIP)
Summary Describes how to convert a PFX server certificate for EIP use. Notes and Warnings Note This article is intended as a supplementary article to How to Create and Install a New Server Certificate for the Forcepoint Management Infrastructure. ...
How to Create and Install a New Server Certificate for the Forcepoint Management Infrastructure
Summary Steps provided to utilize a 3rd party signed certificate. Notes and Warnings The following information describes editing the registry. Before proceeding, backup the registry, and be sure you understand how to restore the registry if a problem ...
How to create and install a new server certificate in TRITON or Forcepoint Infrastructure using Open SSL
Summary outlines steps on how to create and install a new server certificate Problem I want to create a new TRITON or Forcepoint management console certificate, signed by either an internal or external certificate authority. How do I use OpenSSL in ...
Forcepoint Downloads, Installers and Hotfix Information
Summary Information regarding Forcepoint hotfix installers. Notes and Warnings You must have a valid login for Forcepoint in order to view the Downloads section. Note Forcepoint Technical Support always recommends to install the latest hotfix that ...

Renewing SSL Certificates for Forcepoint Software

Renewing SSL Certificates for Forcepoint Software

Related Articles

Forcepoint NGFW Security Management Center 6.10.x Resolved and Known Issues

Converting and Installing a Corporate CA Signed PFX Server Certificate for the Forcepoint Management Infrastructure (EIP)

How to Create and Install a New Server Certificate for the Forcepoint Management Infrastructure

How to create and install a new server certificate in TRITON or Forcepoint Infrastructure using Open SSL

Forcepoint Downloads, Installers and Hotfix Information