A new SHA2 certificate is required for Windows Server 2008 (IIS 7 and above) after the Safend server name is modified, and when an organization needs its own trusted certificate.
Procedure:
- Download the Makecert.zip and copy makecert.exe to Windows\System32.
- Run the following command:
  MakeCert -r -pe -n "CN=FQDN" -b mm/dd/yyyy -e 07/07/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky Exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -a SHA256 -len 2048
- Replace the mm/dd/yyyy with today’s date in the same format.
- Right-click My Computer and select Manage > Roles > Web Server (IIS) > Internet Information Services (IIS) Manager.
- In the IIS Snap-In, in the Safend Data Protection Suite Web Site field, right-click and select:
  Edit Bindings > Site Bindings > https port 4443 > Edit > SSL Certificate field > New Certificate Name > View > Cancel and Close.
- Return to the IIS Snap-In and, in the ServerName field, remove the Safend Data Protection Suite Web Site’s old certificate.
- Return to the IIS Snap-In. In Sites > Safend Data Protection Suite WS, right-click and select Edit Bindings > Site Bindings > https port 443 > Edit > new server name certificate > OK.
- Return to IIS Snap-In > Web Sites > Safend Protector Web Site WS, and repeat the above.
- Do the following:
  - Safend Protector Server Version 3.2 – restart the Safend Broadcast Service.
  - Safend Protector Server Version 3.3 or above – restart the Safend Local Service and wait for the Domain Service to start. Run the command iisreset, then log in to the Console and republish your policies.
Note: Both websites now share the same certificate, unlike during initialization, where two certificates are used.
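
The following PowerShell check is an added example, not part of the original procedure or of Safend's tooling. It confirms that the certificate the MakeCert command placed in the local machine's personal store carries the properties the command asked for (SHA256 signature, 2048-bit key, Server Authentication EKU, private key present). The FQDN value is a placeholder to replace with the name used for CN=FQDN.

```powershell
# Added example: verify the certificate created by the MakeCert command.
# Assumption: $Fqdn is the value that was used for CN=FQDN (placeholder below).
$Fqdn = 'server.example.local'

$Sha256Rsa  = '1.2.840.113549.1.1.11'   # OID of the sha256RSA signature algorithm
$ServerAuth = '1.3.6.1.5.5.7.3.1'       # OID passed to -eku (Server Authentication)

function Write-Check([string]$Name, [bool]$Ok) {
    $status = if ($Ok) { 'PASS' } else { 'FAIL' }
    Write-Output ("  [{0}] {1}" -f $status, $Name)
}

# -ss my -sr localMachine corresponds to Cert:\LocalMachine\My
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$Fqdn" })

if ($certs.Count -eq 0) {
    Write-Warning "No certificate with subject CN=$Fqdn found in LocalMachine\My"
}

foreach ($cert in $certs) {
    # Collect the EKU OIDs from the Enhanced Key Usage extension, if present.
    $ekuOids = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
        }
    }
    $now = Get-Date

    Write-Output ("Thumbprint {0} (valid {1:d} to {2:d})" -f `
        $cert.Thumbprint, $cert.NotBefore, $cert.NotAfter)
    Write-Check 'Signature algorithm is sha256RSA (-a SHA256)' `
        ($cert.SignatureAlgorithm.Value -eq $Sha256Rsa)
    Write-Check 'Public key is 2048 bits (-len 2048)' `
        ($cert.PublicKey.Key.KeySize -eq 2048)
    Write-Check 'EKU contains Server Authentication (-eku)' `
        ($ekuOids -contains $ServerAuth)
    Write-Check 'Private key is present on this machine' `
        ($cert.HasPrivateKey)
    Write-Check 'Certificate is within its validity period' `
        (($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now))
}

# To confirm which certificate each HTTPS binding serves after the IIS steps,
# compare the thumbprint above with the "Certificate Hash" values shown by:
#   netsh http show sslcert
```

If more than one certificate with the same subject is listed, the old certificate has not yet been removed from the store.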