In the Certificate Management section of the System Settings page Status tab, you can generate a CSR file, import a web certificate, or manage the trusted CA certificates for the WebBlocker Server. When you import a signed certificate, the private key must be included in the web server certificate. If you use a third-party Certificate Authority (CA) to generate your web server certificate, you must import the certificate to the WebBlocker Server. You can also regenerate the default web server certificate when it expires.
For more information about certificates, see About Certificates.
Generate a Certificate Signing Request
To generate a Certificate Signing Request file:
- In the Status tab, Certificate Management section, click Generate.
The Certificate Signing Request dialog box appears.
- Complete the necessary settings for the Certificate Signing Request.
You must specify the Common Name, Company Name, and Country to include in the CSR. All other fields are optional.
- Click Generate.
The CSR is generated.
Import a Web Server Certificate
You can import web server certificates to the WebBlocker Server in Base64 PEM encoded format or PFX file format
When you import a web server certificate, the WebBlocker Server verifies that the certificate is intended to be used for a web server. If the certificate is not intended to be used for a web server, the WebBlocker Server will not import the certificate.
To import a web server certificate to the WebBlocker Server:
- In the Status tab, Certificate Management section, click Import.
The Import Web Server Certificate dialog box appears.
- From the Certificate Type drop-down list, select the type of certificate to import, either PEM Certificate or PFX File.
- If you selected PEM Certificate, select the file to import or select Paste .pem content and paste the certificate content in the text box.
If you selected PFX file, select the PFX file to import. If the file is encrypted, type the decryption passphrase in the PFX Passphrase text box.
- Click OK.
Export the Web Server Certificate Trust Chain
You can export the WebBlocker Server web server certificate chain of trust.
To export the certificate trust chain:
- In the Status tab, Certificate Management section, click Export.
- Follow your browser prompts to download, open, or save the file.
Regenerate a Web Server Certificate
The WebBlocker Server default web server certificate automatically expires six months after it is generated. You can use the Default Web Server Certificate option to generate a new default web server certificate for the WebBlocker Server.
If you have imported a third-party web server certificate to the WebBlocker Server, you can also use the Default Web Server Certificate option to replace the third-party certificate you imported with a new, default, self-signed certificate generated by the WebBlocker Server. When you restore a web server certificate, the WebBlocker Server restarts and you must log in again.
- In the Status tab, Certificate Management section, click Regenerate.
A confirmation message appears.
- Click Yes
The WebBlocker Server generates a new default web server certificate. If you had imported a third-party web server certificate, it is deleted and replaced by the newly generated default self-signed certificate. The web server restarts and the WebBlocker Server login page appears.
Manage Trusted CA Certificates
On the Trusted CA Certificates page, you can see all the trusted CA certificates available for your instance of the WebBlocker Server. This includes the CA certificates for your email server (for email notifications).
You can import the CA certificates that the WebBlocker Server uses to create a secure channel between the WebBlocker Server and your email server. If the certificates your email server uses are signed by a Certificate Authority that is not already trusted by the WebBlocker Server, you must import the certificates.
You can view a current certificate, delete an imported certificate from the list, or import a new certificate.
When you view a certificate, you can see these details:
- Issuer — The Certificate Authority that generated the CA certificate
- Subject — The organization that can use the CA certificate
- Serial Number — The serial number associated with the CA certificate
- Valid From — The date and time the CA certificate is generated
- Valid To — The date and time range the CA certificate expires
To view or delete the CA certificates on the WebBlocker Server:
- In the Status tab, Certificate Management section, click Manage Trusted CA Certificates.
The Trusted CA Certificates page appears.
- To see the details of a certificate, select the certificate from the Trusted CA Certificates list and click View.
The View Certificate dialog box appears.
- To delete a certificate, select the certificate from the Trusted CA Certificates list and click Remove.
To import a new CA certificate:
- On the Trusted CA Certificates page, click Import.
The Import CA Certificate dialog box appears.
- Select the CA certificate file to import.
- Click OK.