Surf Control 5.2.4 Importing Certificates, Exporting Certificates, Certificate Signing Request

Importing Certificates

A default certificate is supplied with RiskFilter but this will need to be renewed when it expires. The Import Certificate feature enables you add a new version to RiskFilter. You can also import a certificate that you have previously exported to a location on your network. or add a new certificate of your own. A custom certificate can be added as long as it is in one of the following formats:

•DER encoding certificate(binary) + private key; ( keypair )

•DER encoding certificate(binary); (no private key)

•Base 64 encoding certificate (text) + base 64 encoding private key with PKCS8; ( keypair )

•Base 64 encoding certificate (text); (no private key)

•Base 64 encoding certificate (text) + base 64 encoding private key with PKCS8 + ASN1; ( keypair ) To import a certificate:

1 Select General > Certificate from the System Settings tab. 2 In the Certificate screen click Import Certificate.

3An Import Certificate File dialog box will appear where you can either enter the path to your certificate or click Browse to navigate to it.

4Once you have located your certificate click Import>>.

Exporting Certificates

It is a good idea to make a backup of the default certificate supplied with RiskFilter. This means that in the event of the certificate on the RiskFilter appliance being corrupted or destroyed, you can simply import your backup copy onto the machine. To do this you need to export your certificate to the network where you can store it in a location of your choice.

To export your certificate:

1Select General > Certificate from the System Settings tab.

2In the Certificate screen click Export Certificate.

3A File Download dialog box will appear enabling you to save the certificate to your network.

4Click Save and save the certificate into a location that can be accessed by the machine that you want to export it to.

Certificate Signing Request

You can export a CSR (Certificate Signing Request) for the default certificate. This contains the public key information which matches the private key installed on RiskFilter. The default directory for this key is:

/opt/riskfilter/smg/conf/serverKeyStore.

If you are renewing your license you will need to export the CSR so that the updated license holds the same information.

To export the CSR:

1Select General > Certificate from the System Settings tab.

2In the Certificate screen click Export CSR.

3A File Download dialog will appear enabling you to save the CSR to your network.

4Click Save and save the CSR into the same location as the default certificate it should accompany.