Installing the Signed Cer0ficate and Key
With the cer)ficate generated by the signing CA and the cer)ficate key, they can now be used
by the Forcepoint Management Infrastructure.
1. Stop and Disable the "Websense TRITON Web Server" service.
2. Backup the exis)ng HTTPD-SERVER.CER and HTTPD-SERVER.KEY files
from"\Websense\EIP Infra\apache\conf\keystore\h?pd".
3. Move the signed cer)ficate and HTTPD-SERVER.KEY file generated earlier to the
"\Websense\EIP Infra\apache\conf\keystore\h?pd" directory. Ensure that the signed
cer)ficate is named "HTTPD-SERVER.CER" and the key is named "HTTPD-SERVER.KEY"
(the case is insensi)ve).
4. Create a backup of the following registry location:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Websense\EIP Infra
5. Open a Command Prompt and navigate to the \Websense\EIP
Infra\apache\conf\keystore\h?pd directory.
6. Type the following command (-inform can be set to PEM or DER depending on the
format of the key you are conver)ng):
..\..\..\bin\openssl.exe pkcs8 -topk8 -out h?pd-server.key.pk8 -in h?pdserver.key -v1 PBE-SHA1-3DES -inform PEM
This converts your .KEY into the necessary PKCS8 format
7. Provide the password for the key and press Enter.
8. Verify that the new key file is created (h?pd-server.key.pk8).
9. From the Command Prompt navigate to \Websense\EIP Infra\apache\bin and execute the
following command:
10. Confirm that h\pd-server.cer, h\pd-server.key, and h\pd-server.key.pk8 are present
within the \Websense\EIP Infra\apache\conf\keystore\h\pd directory.
11. Important Comment out the line containing <SSLCer)ficateChainFile
conf/keystore/h\pd/h\pd-ca.cer> from h\pd-ssl.conf within the \Websense\EIP
Infra\apache\conf\extra folder.
12. Enable and Start the Websense TRITON Web Server service.