TRITON - Web Security SSL certificates

Topic 50141 / Updated: 10-Jun-2010

Applies To:

Websense Web Filter 7.5 Websense Web Security 7.5

TRITON - Web Security uses Secure Sockets Layer (SSL) encryption to secure administrative sessions using a default SSL certificate, signed by Websense, Inc., that is created during installation.

A certificate consists of a public key, used to encrypt data, and a private key, used to decipher data. Certificates are issued by a Certificate Authority (CA). You can generate a self-signed certificate using a number of free or low-cost tools, or obtain a client certificate from any third-party CA, such as VeriSign.

You have the option to generate a custom certificate to replace the one provided by default. This can be used, for example, to:

Substitute a host name or DNS alias for the default IP address.

On a multi-homed machine, use a different IP address than the default.

Specify a new Certificate Authority.

You can use tools installed with Windows versions of TRITON - Web Security to generate the new certificate, or use other certificate-generation tools. Whichever method you choose, you will need to generate 4 files:

File	Description	Location
server.crt	Certificate file	Websense\apache\conf\ssl\ssl.crt
server.key	Public key file	Websense\apache\conf\ssl\ssl.key
manager.p12	Key store file (holds the private key)	Websense\tomcat\conf\keystore\tomcat
cert.txt	Used for automated certificate installation via the TRITON logon page	Websense\Manager\OnlineHelp\en\certificateSupport\cert.txt

See Generating self-signed SSL certificates for instructions detailing how to use the tools installed with TRITON - Web Security to generate custom certificates.