Create a self-signed certificate for the Forcepoint Security Management Center API

  1. Log in to your SMC machine.
  2. Select Configuration and navigate to Administration.
  3. Select Certificates > TLS Credentials.
  4. Right-click TLS Credentials, and then select New TLS Credentials.
  5. In the Name field, enter a unique name for the certificate.
  6. In the Common Name field, enter the fully qualified domain name (FQDN) or the public IP address that the SMC API service uses.
  7. Add the same FQDN or IP address that you entered in the Common Name field as the Subject Alternative Name.
  8. Click the Edit option next to the Subject Alternative Name field.
    • If you have a fully qualified domain name (FQDN), do the following:
      • Click Add.
      • Select DNS from the drop-down list in the Type cell.
      • Double-click the Value cell, then enter the FQDN.
    • If you use a public IP address to access the SMC API, do the following:
      • Click Add.
      • Select IP address from the drop-down list in the Type cell.
      • Double-click the Value cell, then enter the public IP address for SMC API connections.
  9. From the signing options, select Self-Sign, and then click Finish.
  10. Right-click the certificate element created in the preceding steps.
  11. Select Properties.
  12. On the Certificate tab, click Export and save the certificate file.
  13. Click OK.
  14. Convert the exported certificate to a Base64 string using a Windows machine with Windows PowerShell ISE:

  1. Open Windows PowerShell ISE and load the content of the exported certificate into a variable. In the following command, replace the example path with the path to the exported certificate:

     $pfx_cert = Get-Content 'C:\Users\Demo\Downloads\certificate1604078668615.crt' -Encoding Byte

  2. Run the following command to convert the exported certificate to a Base64 string:

     [System.Convert]::ToBase64String($pfx_cert)

  3. Save the output in a secure location for future reference.
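
Before the Base64 string is used, the exported file can be checked against what was entered in the SMC. The following is an added example, not part of the original procedure or Forcepoint's own code: it confirms that the Common Name and the Subject Alternative Name both carry the expected FQDN or IP address, that the certificate is self-issued and within its validity period, and then encodes the file bytes the same way as the commands above. `Test-SmcApiCertificate` and `smc.example.com` are hypothetical names; the path is the sample path from the procedure.

```powershell
# Added example for Windows PowerShell 5.1 (the version PowerShell ISE runs).
# Placeholders (assumptions): set both values to match your environment.
$CertPath     = 'C:\Users\Demo\Downloads\certificate1604078668615.crt'
$ExpectedName = 'smc.example.com'   # FQDN or public IP entered as Common Name and SAN

function Test-SmcApiCertificate {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Name
    )
    # .NET does not follow PowerShell's current location, so resolve to a full path.
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full

    # Common Name of the subject.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn = $cert.GetNameInfo($nameType, $false)

    # Subject Alternative Name extension (OID 2.5.29.17). Format() returns lines such as
    # "DNS Name=..." or "IP Address=..."; the labels are localized, so keep only the values.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($san) { $san.Format($true) } else { '' }
    $sanValues = @($sanText -split "`r?`n" |
        ForEach-Object { ($_ -split '=', 2)[-1].Trim() } |
        Where-Object { $_ })

    $now = Get-Date
    [pscustomobject]@{
        CommonName = $cn
        SanValues  = $sanValues
        CnMatches  = ($cn -eq $Name)
        SanMatches = ($sanValues -contains $Name)
        # Name comparison only: issuer equals subject, as expected for Self-Sign.
        SelfIssued = ($cert.Subject -eq $cert.Issuer)
        InValidity = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
        Thumbprint = $cert.Thumbprint   # SHA-1 thumbprint, useful to record with the Base64 string
    }
}

$result = Test-SmcApiCertificate -Path $CertPath -Name $ExpectedName
$result | Format-List

if ($result.CnMatches -and $result.SanMatches -and $result.SelfIssued -and $result.InValidity) {
    # Same conversion as the procedure: Base64 of the exported file's raw bytes.
    [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes($CertPath))
} else {
    Write-Warning 'Certificate does not match the expected name or validity; re-check it in the SMC before use.'
}
```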