A new SHA2 certificate is required for Windows Server 2008 (IIS 7 and above) after the Safend server name is modified and when an organization needs their own trusted certificate.


  1. Download the Makecert.zip and copy the makecert.exe to Windows / System32.
  2. Run the following command:
    MakeCert -r -pe -n “CN=FQDN” -b mm/dd/yyyy -e 07/07/2036 -eku -ss my -sr localMachine -sky Exchange -sp “Microsoft RSA SChannel Cryptographic Provider” -sy 12 -a SHA256 -len 2048
  3. Replace the MM/DD/YYYY with today’s date in the same format.
  4. Right click My computer and select Manage > Roles > Web Server (IIS) > Internet Information Service (IIS) Manager.
  5. In IIS Snap-In in the Safend Data Protection Suite Web Site field right click and select:
    Edit Bindings > Site Bindings > https port 4443 > Edit > SSL Certificate field > New Certificate Name > View > Cancel and Close.
  6. Return to IIS Snap-In in the ServerName field and remove the Safend Data Protection Suite Web Site’s old certificate.
  7. Return to In the IIS Snap-In in  Sites > Safend Data Protection Suite WS, right click and select Edit Bindings > Site Bindings > https port 443 > Edit > new server name certificate > OK.
  8. Return to IIS Snap-In > Web Sites > Safend Protector Web Site WS, and repeat the above.
  9. Do the following:
  • Safend Protector Server Version 3.2 – restart the Safend Broadcast Service.
  • Safend Protector Server Version 3.3 or above – restart the Safend Local Service and wait for the Domain Service to start. Run the command: iisreset > Login to the Console and then republish your policies.

Note: Both websites now share the same certificate unlike during initialization where two certificates are used.

Font Resize