Creating the Endpoint SSL Identity

For the Forcepoint F1E agent to be able to securely communicate with your Outlook Email client, the Endpoint must be given an SSL identity, and the client machine must be set up to trust that identity.

1. Open the configuration file template.
   
   
   
2. Replace the values in angle brackets (<>) with the appropriate information for your organization:
   • Be sure to remove all the angle brackets from the document.
   • Country name can only have a maximum of two characters entered.
   • Values not in angle brackets are defaults and can be left unchanged.
   • The CN must be entered as localhost and the subjectAltName must be entered as DNS:localhost.
3. Once complete, save the file as localhost.config in a directory of your choice.
4. Open a terminal application and cd to the directory you saved the localhost.config file.
5. Run the following command from the same directory to create the key files:

   openssl req -x509 -newkey rsa:4096 -keyout key.pem -out server.pem -sha256 -config localhost.config -days 10950 -nodes

   The command creates the following files:

   • key.pem: Private key for the SSL identity. This file is deployed to the endpoint clients.
   • server.pem: Self-signed certificate for the SSL identity. This file is deployed to the endpoint clients.
6. Run the Websense Endpoint Package Builder on the management server and create new MAC Endpoint installation package.
7. Unzip the new mac Endpoint Installer FORCEPOINT-ONE-ENDPOINT-Mac.zip.
8. To place both PEM files in the same directory of the WebsenseEndpoint.pkg file, copy server.pem and key.pem into the newly created Endpoint Mac Installer in directory \FORCEPOINT-ONE-ENDPOINT-Mac\EndpointInstaller\.
9. Zip folder back up again.
10. Install the new package on the Mac clients.
11. Optional: If you plan to install the agent via Jamf, then you must convert the certificate to its binary encoded DER format.