Procedure to replace or update the certificate on Linux servers

Steps

  1. Log in as root.
  2. Navigate to the bin directory on the Management API machine.
    cd /opt/Websense/bin
  3. Open the ApiParameters.ini file in a text editor.
    This file is used to configure how the server certificate is generated.
  4. Use the RestServerCertPath parameter to specify where the generated certificate files will be stored.
  5. Use the RestServerCertRoot parameter to specify a name for the certificate file.
  6. Use the RestServerCertKey parameter to specify the private key for the certificate.
  7. Save and close the file.
  8. Run the GenerateServerCert.sh script to create the server certificate. The script accepts 2 optional parameters:
    • Use -h or --help to display usage details.
    • Use -r or --restart-mas to restart the Policy API Server daemon after the certificate is generated.
  9. Start the Policy API Server daemon. Policy API Server cannot start until the server certificate has been created.

Next steps

When the certificate is generated successfully, the script displays a message with the following information:

  • The certificate file name
  • The key file name
  • The IP address for which the certificate was created
  • The period for which the script is valid

For example:

Certificate <path>/PolApiServer.crt and key <path>/ PolApiServer.key were created for host 10.54.67.100 for 1825 days

Continue with Enabling communication between Management API clients and servers.