Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Generating keys and certificates
Administrator Help | Forcepoint Web Security and Forcepoint URL Filtering | v8.5.x
Related topics:
A certificate consists of a public key, used to encrypt data, and a private key, used to decipher data. Certificates are issued by a Certificate Authority (CA). You can generate a certificate from an internal certificate server, or obtain a client certificate from any third-party CA, such as VeriSign.
The CA issuing the client certificate must be trusted by web protection software. Typically, this is determined by a browser setting.
There are many tools that you can use to generate a self-signed certificate, including the OpenSSL toolkit (available from openssl.org).
Regardless of the method you choose for generating the certificate, use the following general steps.
1.
For the best browser compatibility, an Elliptic Curve key should be generated using either the secp256r1 (aka P-256) or secp384r1 (aka P-384) named curves.
2.
 
Important 
3.
The certificate should be signed using SHA-256 or a similar algorithm in the SHA-2 family.
4.
Save the server.crt and server.key files in a location that you software can access, and where they can be read by Filtering Service.
a.
openssl ecparam -name secp384r1 -genkey -out <name>.key
openssl req -new -key <name>.key -out <name>.csr
You will be prompted to enter the required data fields for the certificate.
b.
openssl x509 -req -in <name>.csr -out <name>.crt -signkey <name>.key -days <days before expiration> -sha256

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Copyright 2020 Forcepoint. All rights reserved.