![]() |
![]() |
![]() |
Websense Web Security SSL Certificates : Working with a Certificate Authority
|
If you have installed TRITON - Web Security, your installation includes a copy of OpenSSL, a tool that can be used to generate keys, signing requests, and SSL certificates. The script files installed with the tool (described in Generating self-signed SSL certificates) can be used to generate a local certificate, but may not generate a key strong enough to be accepted by third-party Certificate Authorities.Because OpenSSL is a third-party product, refer to the OpenSSL documentation (available at openssl.org) for complete information specific to your version of OpenSSL.
1. Open a command prompt and navigate to the directory containing the openssl executable.The program is located by default in the Websense\apache\conf\ssl\ directory on the TRITON - Web Security machine.openssl req -out mycsr.csr -pubkey -config "C:\Program Files\Websense\apache\conf\ssl\openssl.cnf" -new -keyout mykey.key -nodesSubstitute the appropriate path for the default Windows path shown in the example, and provide the following information when prompted:
If your organization is located in the United States, for example, enter US. For example, SanDiego. For example, MyCompany <server IP address> The IP address of the TRITON - Web Security machine. For example, info@mycompany.com. <challenge password>
4. Open the request file (in the example, mycsr.csr) and send it to the Certificate Authority (CA).
5. Use the Windows Certificate Authority's Web-based certificate process to import the certificate request and issue a Web server certificate.
8. If you have generated this certificate for use with TRITON - Web Security:
1.
2.
![]()
Windows: Use the Windows Services dialog box to restart the Apache2Websense and ApacheTomcatWebsense services.
![]()
If you have submitted a certificate signing request (CSR) but received a weak key error, use the following steps to generate a strong key:
1. Open a command prompt and navigate to the directory containing the openssl executable.The program is located by default in the Websense\apache\conf\ssl\ directory on the TRITON - Web Security machine.
2. Substitute a meaningful name for myrequest.csr.
![]() |
![]() |
![]() |
Websense Web Security SSL Certificates : Working with a Certificate Authority
|