Manage trusted certificates

Trusted certificates are used for code signing and SSL connections to external services such as Microsoft Active Directory, VMware vCenter, and Deep Security Smart Check. They're also used to exclude files from Anti-Malware scanning.

Import trusted certificates

If you are importing a trusted certificate to establish trust with an Amazon Web Services region, you must use the dsm_c command-line tool.

To import trusted certificates using the Deep Security Manager:

  1. In the Deep Security Manager, go to Administration > System Settings > Security.
  2. Under Trusted Certificates, click View Certificate List to view a list of all security certificates accepted by Deep Security Manager.
  3. Click Import From File to start the Import Certificate wizard.

To import a trusted certificate using dsm_c:

  1. On the Deep Security Manager server, run the following command:
    dsm_c -action addcert -purpose PURPOSE -cert CERTFILE
    where the parameters are:

    Parameter  Description                                 Sample value
    PURPOSE    What type of connections the certificate    AWS - Amazon Web Services
               will be used for. This value must be        DSA - code signing
               selected from one of the sample values      EXCEPTION - scan exclusion
               listed on the right.                        SSL - SSL connections
    CERTFILE   The (user-defined) name of the file         /path/to/cacert.pem
               containing the certificate you want to
               import.

If you are running the Deep Security Manager in a Linux environment, you will need to run the dsm_c command as the root user.
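
A pre-import check that can wrap the addcert command above, so that a certificate is only added to the trust list after its purpose, validity and fingerprint have been reviewed. This is an added example, not Trend Micro's own script; the function names and the 24-hour expiry margin are assumptions, and it relies on the openssl command-line tool being installed on the Deep Security Manager server.

```shell
#!/bin/sh
# Added example: checks to run before `dsm_c -action addcert`.
# Function names are hypothetical; only the dsm_c syntax comes from this page.

# Accept only the PURPOSE values documented on this page (case-sensitive).
valid_purpose() {
    case "$1" in
        AWS|DSA|EXCEPTION|SSL) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if the file is a readable PEM X.509 certificate that will
# still be valid 24 hours from now (assumed margin).
check_cert() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    openssl x509 -in "$1" -noout 2>/dev/null ||
        { echo "not a PEM certificate: $1" >&2; return 1; }
    openssl x509 -in "$1" -noout -checkend 86400 >/dev/null ||
        { echo "expired or expiring within 24h: $1" >&2; return 1; }
}

# Show the fields to compare against the fingerprint obtained out of band
# from the certificate's owner.
show_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

# Validate, display, ask for confirmation, then import.
# Return codes: 2 bad PURPOSE, 3 bad certificate file, 4 operator declined.
import_cert() {
    purpose=$1
    certfile=$2
    valid_purpose "$purpose" ||
        { echo "PURPOSE must be AWS, DSA, EXCEPTION or SSL" >&2; return 2; }
    check_cert "$certfile" || return 3
    show_cert "$certfile"
    printf 'Import this certificate for %s? [y/N] ' "$purpose"
    read -r answer
    [ "$answer" = "y" ] || { echo "aborted" >&2; return 4; }
    dsm_c -action addcert -purpose "$purpose" -cert "$certfile"
}
```

To use it, source the file in a root shell on the Deep Security Manager server and call, for example, import_cert SSL /path/to/cacert.pem.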

View trusted certificates

To view trusted certificates for Amazon Web Services connections, you must use the dsm_c command-line tool.

To view trusted certificates using the Deep Security Manager:

  1. In the Deep Security Manager, go to Administration > System Settings > Security.
  2. Under Trusted Certificates, click View Certificate List.

To view trusted certificates using dsm_c:

  1. On the Deep Security Manager server, run the following command:
    dsm_c -action listcerts [-purpose PURPOSE]
    The -purpose PURPOSE parameter is optional and can be omitted to see a list of all certificates. If you specify a value for PURPOSE, then only the certificates used for that purpose will be shown.

    Parameter  Description                                 Sample value
    PURPOSE    What type of connections the certificate    AWS - Amazon Web Services
               will be used for.                           DSA - code signing
                                                           EXCEPTION - scan exclusion
                                                           SSL - SSL connections

If you are running the Deep Security Manager in a Linux environment, you will need to run the dsm_c command as the root user.

Remove trusted certificates

To remove trusted certificates for Amazon Web Services connections, you must use the dsm_c command-line tool.

To remove a trusted certificate using the Deep Security Manager:

  1. In the Deep Security Manager, go to Administration > System Settings > Security.
  2. Under Trusted Certificates, click View Certificate List.
  3. Select the certificate you want to remove and click Delete.

To remove a trusted certificate using dsm_c:

  1. Log in to Deep Security Manager.
  2. Run the following command:
    dsm_c -action listcerts [-purpose PURPOSE]
    The -purpose PURPOSE parameter is optional and can be omitted to see a list of all certificates. If you specify a value for PURPOSE, then only the certificates used for that purpose will be shown.

    Parameter  Description                                 Sample value
    PURPOSE    What type of connections the certificate    AWS - Amazon Web Services
               will be used for.                           DSA - code signing
                                                           EXCEPTION - scan exclusion
                                                           SSL - SSL connections

  3. Find the ID value for the certificate you want to remove in the list.
  4. Run the following command:
    dsm_c -action removecert -id ID
    The ID parameter value is required.

    Parameter  Description                                 Sample value
    ID         The ID value assigned by Deep Security      3
               Manager for the certificate you want to
               delete.

If you are running the Deep Security Manager in a Linux environment, you will need to run the dsm_c commands as the root user.