Managing trusted certificates

Importing trusted certificates

You can import trusted certificates for code signing and SSL connections other than Amazon Web Services into the system using the Vulnerability ProtectionDeep Security Manager.

If you are importing a trusted certificate to establish trust with an Amazon Web Services region, you must use the vp_cdsm_c command-line tool.

To import a trusted certificate using the Vulnerability ProtectionDeep Security Manager:

  1. In the Vulnerability ProtectionDeep Security Manager, go to Administration > System Settings > Security.
  2. Under Trusted Certificates, click View Certificate List to view a list of all security certificates accepted by Vulnerability ProtectionDeep Security Manager.
  3. Click Import From File... to start the Import Certificate wizard.

To import a trusted certificate using vp_cdsm_c:

  1. On the Vulnerability ProtectionDeep Security Manager server, run the following command:
    vp_cdsm_c -action addcert -purpose PURPOSE -cert CERTFILE
    where the parameters are:
    Parameter  Description                                Sample value
    ---------  -----------------------------------------  -------------------------
    PURPOSE    What type of connections the certificate   AWS - Amazon Web Services
               will be used for. This value must be       DSA - code signing
               selected from one of the sample values     SSL - SSL connections
               listed on the right.
    CERTFILE   The (user-defined) name of the file        /path/to/cacert.pem
               containing the certificate you want to
               import.
If you are running the Vulnerability ProtectionDeep Security Manager in a Linux environment, you will need to run the vp_cdsm_c command as the root user.
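
A pre-import check for the vp_cdsm_c procedure above, as an added example that is not part of the product or its documentation. The helper name preflight_addcert is hypothetical, and the example assumes that CERTFILE is PEM-encoded and that openssl is installed on the server.

```shell
#!/bin/sh
# Added example, not vendor code. preflight_addcert is a hypothetical helper;
# only the vp_cdsm_c command line and the PURPOSE values come from the page.
# Usage: preflight_addcert PURPOSE CERTFILE
preflight_addcert() {
    purpose=$1
    certfile=$2

    # PURPOSE must be one of the three values the page lists.
    case "$purpose" in
        AWS|DSA|SSL) ;;
        *) echo "error: PURPOSE must be AWS, DSA or SSL" >&2; return 2 ;;
    esac

    # The certificate file must exist and be readable.
    if [ ! -r "$certfile" ]; then
        echo "error: cannot read $certfile" >&2; return 3
    fi

    # Assumption: openssl is available to inspect the file.
    command -v openssl >/dev/null 2>&1 || {
        echo "error: openssl not found" >&2; return 6; }

    # The file must parse as a PEM X.509 certificate.
    if ! openssl x509 -in "$certfile" -noout 2>/dev/null; then
        echo "error: $certfile is not a PEM X.509 certificate" >&2; return 4
    fi

    # Do not add an already expired certificate to the trust list.
    if ! openssl x509 -in "$certfile" -noout -checkend 0 >/dev/null 2>&1; then
        echo "error: certificate in $certfile has expired" >&2; return 5
    fi

    # Show identity and SHA-256 fingerprint on stderr so they can be compared
    # with the value published by the certificate's owner before trusting it.
    openssl x509 -in "$certfile" -noout -subject -issuer -enddate \
        -fingerprint -sha256 >&2

    # Print the import command from the page on stdout; run it after review.
    printf 'vp_cdsm_c -action addcert -purpose %s -cert %s\n' \
        "$purpose" "$certfile"
}
```

The helper only prints the import command; it does not modify the trusted certificate list.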

Viewing trusted certificates

You can view trusted certificates for code signing and SSL connections other than Amazon Web Services using the Vulnerability ProtectionDeep Security Manager.

To view trusted certificates for Amazon Web Services connections, you must use the vp_cdsm_c command-line tool.

To view trusted certificates using the Vulnerability ProtectionDeep Security Manager:

  1. In the Vulnerability ProtectionDeep Security Manager, go to Administration > System Settings > Security.
  2. Under Trusted Certificates, click View Certificate List.

To view trusted certificates using vp_cdsm_c:

  1. On the Vulnerability ProtectionDeep Security Manager server, run the following command:
    vp_cdsm_c -action listcerts [-purpose PURPOSE]
    The -purpose PURPOSE parameter is optional and can be omitted to see a list of all certificates. If you specify a value for PURPOSE, then only the certificates used for that purpose will be shown.
    Parameter  Description                                Sample value
    ---------  -----------------------------------------  -------------------------
    PURPOSE    What type of connections the certificate   AWS - Amazon Web Services
               will be used for.                          DSA - code signing
                                                          SSL - SSL connections
If you are running the Vulnerability ProtectionDeep Security Manager in a Linux environment, you will need to run the vp_cdsm_c command as the root user.

Removing trusted certificates

You can remove trusted certificates for code signing and SSL connections other than Amazon Web Services using the Vulnerability ProtectionDeep Security Manager.

To remove trusted certificates for Amazon Web Services connections, you must use the vp_cdsm_c command-line tool.

To remove a trusted certificate using the Vulnerability ProtectionDeep Security Manager:

  1. In the Vulnerability ProtectionDeep Security Manager, go to Administration > System Settings > Security.
  2. Under Trusted Certificates, click View Certificate List.
  3. Select the certificate you want to remove and click Delete.

To remove a trusted certificate using vp_cdsm_c:

  1. Log in to the Vulnerability ProtectionDeep Security Manager console.
  2. Run the following command:
    vp_cdsm_c -action listcerts [-purpose PURPOSE]
    The -purpose PURPOSE parameter is optional and can be omitted to see a list of all certificates. If you specify a value for PURPOSE, then only the certificates used for that purpose will be shown.
    Parameter  Description                                Sample value
    ---------  -----------------------------------------  -------------------------
    PURPOSE    What type of connections the certificate   AWS - Amazon Web Services
               will be used for.                          DSA - code signing
                                                          SSL - SSL connections
  3. Find the ID value for the certificate you want to remove in the list.
  4. Run the following command:
    vp_cdsm_c -action removecert -id ID
    The ID parameter value is required.
    Parameter  Description                                Sample value
    ---------  -----------------------------------------  ------------
    ID         The ID value assigned by Vulnerability     3
               ProtectionDeep Security Manager for the
               certificate you want to delete.
If you are running the Vulnerability ProtectionDeep Security Manager in a Linux environment, you will need to run the vp_cdsm_c commands as the root user.