Activating secure manual authentication

Administrator Help | Forcepoint Web Security and Forcepoint URL Filtering | v8.5.x

Related topics:

Manual authentication

Setting authentication rules for specific machines

Secure manual authentication

Generating keys and certificates

Accepting the certificate within the client browser

Stop Filtering Service (see Stopping and starting web protection services).

Navigate to the installation directory on the Filtering Service machine (by default, C:\Program Files\Websense\Web Security\bin or /opt/Websense/bin/).

Locate eimserver.ini and make a backup copy of the file in another directory.

Open the original INI file in a text editor.

Find the [WebsenseServer] section, and then add the line:

SSLManualAuth=on

To use secure block pages, also add the following line. (See Secure block pages.)

SSLBlockPage=on

Below the previous line, add the following:

SSLCertFileLoc=[path]

Replace [path] with the full path to the SSL certificate, including the certificate file name (for example, C:\secmanauth\server.crt).

Also add:

SSLKeyFileLoc=[path]

Replace [path] with the full path to the SSL key, including the key file name (for example, C:\secmanauth\server.key).

Save and close eimserver.ini.

Start Websense Filtering Service.

After starting, Filtering Service listens for requests on the default secure HTTP port (15872).

If secure block pages are enabled (see Secure block pages), Filtering Service listens on a default secure HTTPS port (15871). If client requests to Filtering Service will pass through the Content Gateway proxy, this port should be added to the list of Tunnel Ports in the Content Gateway configuration. (See Content Gateway Help.)

The preceding steps ensure secure communication between the client machine and web protection software. To also secure communication between web protection software and the directory service, make sure that Use SSL is selected on the Settings > General > Directory Services page. See Advanced directory settings for details.