Create a self-signed certificate for the SMC API

If you plan to deploy Forcepoint NGFW using automatic deployment, create a self-signed certificate for the SMC API.

Note: The certificate for the SMC API must be self-signed. Do not use externally signed certificates for the SMC API.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration, then browse to Administration.
  2. Browse to Certificates > TLS Credentials.
  3. Right-click TLS Credentials, then select New TLS Credentials.
  4. In the Name field, enter a unique name for the certificate.
  5. In the Common Name field, enter the fully qualified domain name (FQDN) or IP address that the SMC API service uses.
  6. Add the same FQDN or IP address that you entered in the Common Name field as the Subject Alternative Name.
    1. Click Edit next to the Subject Alternative Name field.
    2. Click Add, then select the correct type from the drop-down list in the Type cell. If the value is an IP address, then select IP as the type. If the value is an FQDN, then select DNS as the type.
    3. Double-click the Value cell, then enter the same FQDN or IP address that you entered in the Common Name field.
  7. From the signing options, select Self-Sign, then click Finish.
  8. Right-click the certificate element, then select Properties.
  9. On the Certificate tab, click Export, then save the certificate file.