Go to the table of contents Go to the previous page Go to the next page
Websense Web Security SSL Certificates : Working with a Certificate Authority

If you have installed TRITON - Web Security, your installation includes a copy of OpenSSL, a tool that can be used to generate keys, signing requests, and SSL certificates. The script files installed with the tool (described in Generating self-signed SSL certificates) can be used to generate a local certificate, but may not generate a key strong enough to be accepted by third-party Certificate Authorities.
Because OpenSSL is a third-party product, refer to the OpenSSL documentation (available at openssl.org) for complete information specific to your version of OpenSSL.
The program is located by default in the Websense\apache\conf\ssl\ directory on the TRITON - Web Security machine.
openssl req -out mycsr.csr -pubkey -config "C:\Program Files\Websense\apache\conf\ssl\openssl.cnf" -new -keyout mykey.key -nodes
Substitute the appropriate path for the default Windows path shown in the example, and provide the following information when prompted:
For example, SanDiego.
For example, MyCompany
<server IP address>
The IP address of the TRITON - Web Security machine.
For example, info@mycompany.com.
<challenge password>
4.
Open the request file (in the example, mycsr.csr) and send it to the Certificate Authority (CA).
5.
Use the Windows Certificate Authority's Web-based certificate process to import the certificate request and issue a Web server certificate.
8.
Rename the mycert.pem file to server.crt, and then rename the mykey-nocrypt.key file to server.key.
1.
Move server.crt to the Websense\Apache\conf\ssl\ssl.crt\ directory.
2.
Move server.key to the Websense\Apache\conf\ssl\ssl.key\ directory.
*
Windows: Use the Windows Services dialog box to restart the Apache2Websense and ApacheTomcatWebsense services.
*
Linux: Use the /opt/Websense/WebsenseDaemonControl script to restart TRITON - web.
If you have submitted a certificate signing request (CSR) but received a weak key error, use the following steps to generate a strong key:
The program is located by default in the Websense\apache\conf\ssl\ directory on the TRITON - Web Security machine.



Go to the table of contents Go to the previous page Go to the next page
Websense Web Security SSL Certificates : Working with a Certificate Authority