Community
User Guides
Support
Community
Help Forums
English Forum
General
About our Community
General Discussion
News and Feedback
Products
F-Secure SAFE
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Other products
Beta programs
Feature Requests
Finnish Forum (Tukifoorumi)
Tuotteet Kotiin
F-Secure SAFE
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Muut tietoturvatuotteet
Support Articles
Language
English
Suomi
Deutsch
Français
日本語
Svenska
Dansk
Italiano
Nederlands
Norsk
Polski
中文 (繁體)
Products & Services
F-Secure TOTAL
F-Secure SAFE / Internet Security / Anti-Virus
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Other products
Common topics
User Guides
Support
Login
|
Register
How to replace the default self-signed Policy Manager certificate with a trusted certificate authority (CA) created certificate? - F-Secure Community
<main> <article class="userContent"> <h3 data-version="3" data-article="000021509" data-id="issue">Issue:</h3> <p>How can I replace the default self-signed Policy Manager certificate with a trusted certificate authority (CA) created certificate?</p> <h3 data-id="resolution">Resolution:</h3> <p></p><p>Assume that you have:</p> <ul><li>The signed or maybe self-signed certificate (with full chain of intermediate CA) and private key for it inside PKCS12 Keystore.</li><li>It is protected with password "<i>srcpassword</i>"</li><li>Your certificate and the private key are referenced by name (alias) "<i>server</i>".</li><li>The Keystore file is "<i>server.p12</i>" and it is located in the same directory as "<i>fspms.jks</i>".</li></ul><p>Steps to replace the default Policy Manager certificate:</p> <ol><li>Launch an elevated command prompt</li><li>Go to the directory where "fspms.jks" is located by typing the following command:</li></ol><ul><li> <pre class="code codeBlock" spellcheck="false" tabindex="0"><br><i>"C:\Program Files (x86)\F-Secure\Management Server 5\jre\bin\keytool" -importkeystore <br>-destkeystore fspms.jks -deststorepass superPASSWORD -destalias fspms -destkeypass superPASSWORD <br>-srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass srcpassword -srcalias server</i></pre> </li></ul><ol start="3"><li>You are replacing the certificate in "fspms.jks" so the following message will appear:</li></ol><ul><li> <pre class="code codeBlock" spellcheck="false" tabindex="0"><br><i>Existing entry alias server exists, overwrite? [no]:</i></pre> </li></ul><ol start="4"><li>Type "yes" and hit enter.</li><li>Restart the Policy Manager server to start using the new certificate.</li></ol><p><b>NOTE</b>: When you execute the importkeystore command pay attention to "-destkeypass", it should be the same as "-deststorepass". If you forget to insert proper "-destkeypass", the command can complete successfully but problems on Policy Manager server startup may occur.</p> <p>Article no: 000021509</p> </article> </main>