This article assumes the following system requirements:
Email Quarantine Connect requires the following components:
■ Symantec Data Loss Prevention with a license for Network Prevent for Email
■ Symantec Messaging Gateway
Please review the following articles for added details:
■ Exporting a TLS and HTTPS certificate
■ Methods to add a Certificate Authority signed certificate
■ Importing a Certificate Authority signed certificate
■ Symantec Data Loss Prevention Email Quarantine Connect FlexResponse Implementation Guide
------------------------------------------------------------------------------------------------------
1. Generate the Enforce server keystore and client certificate as the protect user:
cd /opt/SymantecDLP/jre/bin
./keytool -genkeypair -alias client -keystore certstore.jks -keyalg RSA -validity 3650 -keysize 2048 -dname "CN=enforce_host, OU=organizational unit, O=organization, L=location, S=, C=country" -keypass <password> -storepass <password>
<password> is a password you create to control access to the keystore. Use the same password for both the -keypass and -storepass arguments. Do not lose this password. You use this password in a later step to configure an Enforce Server credential.
2. Export the Enforce server client cert
./keytool -exportcert -alias client -keystore certstore.jks -file client.crt -rfc -storepass <password>
3. Import the Enforce server client certificate into SMG
4. Export the SMG server certificate
Generate a new self-signed certificate in SMG, then copy it to /opt/SymantecDLP/jre/bin on the Enforce server.
5. Import SMG SSL Cert into Enforce
./keytool -importcert -alias server -keystore certstore.jks -file server.crt -storepass <password> -v -noprompt
6. Copy the certificate store file certstore.jks to /opt/SymantecDLP/Protect/plugins/EmailQuarantineConnect as the protect user
7. Create a new credential on the Enforce Management Console that references certstore.jks
System > Settings > Credentials > Add Credential
Credential Name: SMGQuarantineCert
Access Username: certstore.jks
Access Password: <password>
8. Update the .properties files to point to the new certificate store certstore.jks
cd /opt/SymantecDLP/Protect/plugins/
EmailQuarantineConnectApproved.properties
EmailQuarantineConnectRejected.properties
certificates-store.credential = certstore.jks
9. Restart VontuManager and VontuIncidentPersister services
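One way to check the outcome of steps 1 to 8, as an added example that is not part of the original article or of Symantec's tooling: the functions below confirm from `keytool -list` output that the store holds the `client` key pair and the trusted `server` certificate, and that each properties file names the same store. The function names are hypothetical and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: consistency checks for the Email Quarantine Connect keystore.
# Aliases, file names and the property key are the ones used in the steps above;
# the function names are hypothetical.

# entry_type ALIAS: read `keytool -list` output on stdin and print the entry
# type recorded for ALIAS (PrivateKeyEntry / trustedCertEntry), or nothing.
entry_type() {
    awk -v a="$1" '{ line = $0; sub(/,[ \t]*$/, "", line)
                     n = split(line, f, /, */)
                     if (f[1] == a) { print f[n]; exit } }'
}

# check_listing: succeed only if "client" is a key pair (step 1) and "server"
# is an imported, trusted certificate (step 5).
check_listing() {
    listing=$(cat)
    [ "$(printf '%s\n' "$listing" | entry_type client)" = "PrivateKeyEntry" ] ||
        { echo "client: private key entry missing" >&2; return 1; }
    [ "$(printf '%s\n' "$listing" | entry_type server)" = "trustedCertEntry" ] ||
        { echo "server: SMG certificate not imported" >&2; return 1; }
}

# store_value FILE: print the value of certificates-store.credential in FILE.
store_value() {
    sed -n 's/^[[:space:]]*certificates-store\.credential[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# props_match STORE FILE...: fail on the first file that names another store.
props_match() {
    want=$1; shift
    for f in "$@"; do
        [ "$(store_value "$f")" = "$want" ] ||
            { echo "$f: '$(store_value "$f")' != '$want'" >&2; return 1; }
    done
}

# Constructed sample of `keytool -list` output (fingerprints are not real).
SAMPLE_LISTING='Keystore type: JKS
Your keystore contains 2 entries

client, Jan 1, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 00:11:22:33
server, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 44:55:66:77'

printf '%s\n' "$SAMPLE_LISTING" | check_listing && echo "keystore entries OK"
```

On the Enforce server, pipe the real listing in with `./keytool -list -keystore certstore.jks -storepass <password> | check_listing`, and run `props_match certstore.jks` against the two properties files from step 8.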