Manage WebBlocker Server Certificates

In the Certificate Management section of the System Settings page Status tab, you can generate a CSR file, import a web certificate, or manage the trusted CA certificates for the WebBlocker Server. When you import a signed certificate, the private key must be included in the web server certificate. If you use a third-party Certificate Authority (CA) to generate your web server certificate, you must import the certificate to the WebBlocker Server. You can also regenerate the default web server certificate when it expires.

For more information about certificates, go to About Certificates.

Generate a Certificate Signing Request

To generate a Certificate Signing Request file:

  1. In the Status tab, Certificate Management section, click Generate.
    The Certificate Signing Request dialog box appears.

Screenshot of Certificate Signing Request dialog box.

  1. Complete the necessary settings for the Certificate Signing Request.
    You must specify the Common Name, Company Name, and Country to include in the CSR. All other fields are optional.
  2. Click Generate.
    The CSR is generated.

Import a Web Server Certificate

You can import web server certificates to the WebBlocker Server in Base64 PEM encoded format or PFX file format

When you import a web server certificate, the WebBlocker Server verifies that the certificate is intended to be used for a web server. If the certificate is not intended to be used for a web server, the WebBlocker Server will not import the certificate.

To import a web server certificate to the WebBlocker Server:

  1. In the Status tab, Certificate Management section, click Import.
    The Import Web Server Certificate dialog box appears.

Screenshot of Import Web Server Certificate dialog box.

  1. From the Certificate Type drop-down list, select the type of certificate to import, either PEM Certificate or PFX File.
  2. If you selected PEM Certificate, select the file to import or select Paste .pem content and paste the certificate content in the text box.

If you selected PFX file, select the PFX file to import. If the file is encrypted, type the decryption passphrase in the PFX Passphrase text box.

  1. Click OK.

Export the Web Server Certificate Trust Chain

You can export the WebBlocker Server web server certificate chain of trust.

To export the certificate trust chain:

  1. In the Status tab, Certificate Management section, click Export.
  2. Follow your browser prompts to download, open, or save the file.

Regenerate a Web Server Certificate

The WebBlocker Server default web server certificate automatically expires six months after it is generated. You can use the Default Web Server Certificate option to generate a new default web server certificate for the WebBlocker Server.

If you have imported a third-party web server certificate to the WebBlocker Server, you can also use the Default Web Server Certificate option to replace the third-party certificate you imported with a new, default, self-signed certificate generated by the WebBlocker Server. When you restore a web server certificate, the WebBlocker Server restarts and you must log in again.

  1. In the Status tab, Certificate Management section, click Regenerate.
    A confirmation message appears.
  2. Click Yes
    The WebBlocker Server generates a new default web server certificate. If you had imported a third-party web server certificate, it is deleted and replaced by the newly generated default self-signed certificate. The web server restarts and the WebBlocker Server login page appears.

Manage Trusted CA Certificates

On the Trusted CA Certificates page, you can see all the trusted CA certificates available for your instance of the WebBlocker Server. This includes the CA certificates for your email server (for email notifications).

You can import the CA certificates that the WebBlocker Server uses to create a secure channel between the WebBlocker Server and your email server. If the certificates your email server uses are signed by a Certificate Authority that is not already trusted by the WebBlocker Server, you must import the certificates.

You can view a current certificate, delete an imported certificate from the list, or import a new certificate.

When you view a certificate, you can see these details:

  • Issuer — The Certificate Authority that generated the CA certificate
  • Subject — The organization that can use the CA certificate
  • Serial Number — The serial number associated with the CA certificate
  • Valid From — The date and time the CA certificate is generated
  • Valid To — The date and time range the CA certificate expires

To view or delete the CA certificates on the WebBlocker Server:

  1. In the Status tab, Certificate Management section, click Manage Trusted CA Certificates.
    The Trusted CA Certificates page appears.
  2. To see the details of a certificate, select the certificate from the Trusted CA Certificates list and click View.
    The View Certificate dialog box appears.
  3. To delete a certificate, select the certificate from the Trusted CA Certificates list and click Remove.

To import a new CA certificate:

  1. On the Trusted CA Certificates page, click Import.
    The Import CA Certificate dialog box appears.
  2. Select the CA certificate file to import.
  3. Click OK.

Related Topics

Monitor WebBlocker Server System Settings

Complete WebBlocker Server System Maintenance

Manage Connected WebBlocker Server Users