Generating encryption keys and a CSR

The process for generating encryption keys and a CSR involves the use of the OpenSSL tool, which is available with your installation of Forcepoint Email Security.

You can generate a CSR using the following steps:

Steps

  1. Log on to the Security Manager Email Security module and open a command-line interface as administrator.
  2. Navigate to the installation path (by default, C:\Program Files (x86)\Websense\EIP Infra\apache\bin\openssl).
  3. Execute the following command to create private encryption keys:
    openssl genrsa -des3 -out certificate.key 2048

    In this example command, the private keys are output to a file named certificate.key, and the key size is 2048 bits.

  4. Set a password for the key file when prompted (maximum length is 100 characters).
  5. Use the following command to generate the CSR from the private encryption key file you just created:
    openssl req -new -config "C:\Program Files (x86)\Websense\EIP Infra\apache\conf\openssl.cnf" -key certificate.key -out certificate.csr

    In this example, certificate.csr is the name of the CSR file.

  6. When prompted, enter the password you created in step 3.
  7. Supply the following information when prompted:
    • Country Name (2-letter code), example: US
    • State or Province Name (full name), example: Texas
    • Locality Name (e.g., city), example: Austin
    • Organization Name (e.g., company), example: Forcepoint
    • Organizational Unit (e.g., section), example: Sales
    • Common Name (e.g., server hostname), example: email.forcepoint.com
    • Email Address, example: sales@forcepoint.com
    • Challenge password
    Important: The value for Common Name must match the fully qualified domain name (FQDN) of the email security management server. You may receive certificate errors if you do not specify the FQDN here.
  8. Send your CSR to a CA for signing. Secure your private key file and passwords; you will need them in order to use your certificate.
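
Before sending the CSR in step 8, the files from steps 3 and 5 can be checked with a short PowerShell script. This is an added example, not part of the Forcepoint procedure. It assumes PowerShell is opened in the folder that holds openssl.exe and certificate.key/certificate.csr, and that `$ExpectedFqdn` is replaced with your own management server FQDN.

```powershell
# Added example: pre-submission checks on certificate.key and certificate.csr.
$OpenSsl      = '.\openssl.exe'   # assumption: current folder contains openssl.exe
$Config       = 'C:\Program Files (x86)\Websense\EIP Infra\apache\conf\openssl.cnf'
$Key          = 'certificate.key'
$Csr          = 'certificate.csr'
$ExpectedFqdn = 'email.forcepoint.com'   # the page's example value; use your own FQDN

# 1. The key file must be passphrase-protected (the -des3 option in step 3).
if (-not (Select-String -Path $Key -Pattern 'ENCRYPTED' -Quiet)) {
    throw "$Key is not encrypted; regenerate it with a password."
}

# 2. The CSR is the file that leaves the server, so it must hold no private key block.
if (Select-String -Path $Csr -Pattern 'PRIVATE KEY' -Quiet) {
    throw "$Csr contains private key material; do not send it."
}

# 3. The CSR's self-signature must verify. Match on the message text rather
#    than relying only on the exit code.
$verify = (& $OpenSsl req -config $Config -in $Csr -noout -verify 2>&1 | Out-String)
if ($verify -notmatch 'verify OK') { throw "CSR signature check failed: $verify" }

# 4. Common Name must equal the management server FQDN (see the Important note).
$subject = (& $OpenSsl req -config $Config -in $Csr -noout -subject | Out-String)
if ($subject -notmatch 'CN\s*=\s*([^,/\r\n]+)') { throw "No Common Name in CSR subject." }
$cn = $Matches[1].Trim()
if ($cn -ne $ExpectedFqdn) { throw "Common Name '$cn' does not match '$ExpectedFqdn'." }

# 5. The CSR must belong to this key: compare RSA moduli.
#    The first command prompts for the key file password.
$keyMod = (& $OpenSsl rsa -in $Key -noout -modulus | Out-String).Trim()
$csrMod = (& $OpenSsl req -config $Config -in $Csr -noout -modulus | Out-String).Trim()
if (-not $keyMod -or $keyMod -ne $csrMod) {
    throw "$Csr was not generated from $Key."
}

# 6. List who can read the key file so the access list can be reviewed.
icacls $Key

Write-Output "CSR checks passed for CN=$cn"
```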