Trusted certificates are used for code signing and SSL connections to external services such as a Microsoft Active Directory. They are also used to exclude files from Anti-Malware scanning.

Import trusted certificates

Note
If you are importing a trusted certificate to establish trust with an Amazon Web Services region, you must use the dsm_c command-line tool.
To import trusted certificates using the Deep Security Manager:
  1. In the Deep Security Manager, go to Administration > System Settings > Security.
  2. Under Trusted Certificates, click View Certificate List to view a list of all security certificates accepted by Deep Security Manager.
  3. Click Import From File to start the Import Certificate wizard.
To import a trusted certificate using dsm_c:
  1. On the Deep Security Manager server, run the following command:

        dsm_c -action addcert -purpose PURPOSE -cert CERTFILE

    where the parameters are:

    | Parameter | Description | Sample value |
    |---|---|---|
    | PURPOSE | What type of connections the certificate will be used for. This value must be selected from one of the sample values listed on the right. | AWS - Amazon Web Services; DSA - code signing; EXCEPTION - scan exclusion; SSL - SSL connections |
    | CERTFILE | The (user-defined) name of the file containing the certificate you want to import. | /path/to/cacert.pem |
Note
If you are running the Deep Security Manager in a Linux environment, you will need to run the dsm_c command as the root user.
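
The following shell function is an added example, not part of the original page or of Trend Micro's tooling. It runs a few checks on a certificate file before handing it to the `dsm_c -action addcert` command described above. It assumes `openssl` is installed; the function name `import_trusted_cert` and the `DSM_C` and `DRY_RUN` variables are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): checks to run before `dsm_c -action addcert`.
# Usage: import_trusted_cert PURPOSE CERTFILE
# Assumptions: openssl is installed; DSM_C and DRY_RUN are hypothetical knobs.
#   DSM_C   path to dsm_c (defaults to "dsm_c" on PATH)
#   DRY_RUN set to 1 to print the dsm_c command instead of running it

import_trusted_cert() {
    purpose=$1
    certfile=$2

    # PURPOSE must be one of the four values the page lists.
    case "$purpose" in
        AWS|DSA|EXCEPTION|SSL) ;;
        *) echo "error: PURPOSE must be AWS, DSA, EXCEPTION or SSL" >&2
           return 2 ;;
    esac

    # The certificate file has to exist and be readable.
    if [ ! -r "$certfile" ]; then
        echo "error: cannot read $certfile" >&2
        return 3
    fi

    # Reject anything that does not parse as X.509 (for example a private key).
    if ! openssl x509 -in "$certfile" -noout 2>/dev/null; then
        echo "error: $certfile does not contain an X.509 certificate" >&2
        return 4
    fi

    # Reject a certificate whose notAfter date has already passed.
    if ! openssl x509 -in "$certfile" -noout -checkend 0 >/dev/null; then
        echo "error: the certificate in $certfile has expired" >&2
        return 5
    fi

    # Print identity and SHA-256 fingerprint (to stderr) so the operator can
    # compare them with a value obtained out of band before trusting the file.
    openssl x509 -in "$certfile" -noout -subject -issuer -enddate \
        -fingerprint -sha256 >&2

    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "${DSM_C:-dsm_c} -action addcert -purpose $purpose -cert $certfile"
    else
        "${DSM_C:-dsm_c}" -action addcert -purpose "$purpose" -cert "$certfile"
    fi
}
```

Because a trusted certificate can authorize signed code or exclude files from Anti-Malware scanning, comparing the printed fingerprint with one obtained from the certificate's issuer is the step that matters most here.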

View trusted certificates

Note
To view trusted certificates for Amazon Web Services connections, you must use the dsm_c command-line tool.
To view trusted certificates using the Deep Security Manager:
  1. In the Deep Security Manager, go to Administration > System Settings > Security.
  2. Under Trusted Certificates, click View Certificate List.
To view trusted certificates using dsm_c:
  1. On the Deep Security Manager server, run the following command:

        dsm_c -action listcerts [-purpose PURPOSE]

    The -purpose PURPOSE parameter is optional and can be omitted to see a list of all certificates. If you specify a value for PURPOSE, then only the certificates used for that purpose will be shown.

    | Parameter | Description | Sample value |
    |---|---|---|
    | PURPOSE | What type of connections the certificate will be used for. | AWS - Amazon Web Services; DSA - code signing; EXCEPTION - scan exclusion; SSL - SSL connections |
Note
If you are running the Deep Security Manager in a Linux environment, you will need to run the dsm_c command as the root user.

Remove trusted certificates

Note
To remove trusted certificates for Amazon Web Services connections, you must use the dsm_c command-line tool.
To remove a trusted certificate using the Deep Security Manager:
  1. In the Deep Security Manager, go to Administration > System Settings > Security.
  2. Under Trusted Certificates, click View Certificate List.
  3. Select the certificate you want to remove and click Delete.
To remove a trusted certificate using dsm_c:
  1. Log in to Deep Security Manager.
  2. Run the following command:

        dsm_c -action listcerts [-purpose PURPOSE]

    The -purpose PURPOSE parameter is optional and can be omitted to see a list of all certificates. If you specify a value for PURPOSE, then only the certificates used for that purpose will be shown.

    | Parameter | Description | Sample value |
    |---|---|---|
    | PURPOSE | What type of connections the certificate will be used for. | AWS - Amazon Web Services; DSA - code signing; EXCEPTION - scan exclusion; SSL - SSL connections |
  3. Find the ID value for the certificate you want to remove in the list.
  4. Run the following command:

        dsm_c -action removecert -id ID

    The ID parameter value is required.

    | Parameter | Description | Sample value |
    |---|---|---|
    | ID | The ID value assigned by Deep Security Manager for the certificate you want to delete. | 3 |
Note
If you are running the Deep Security Manager in a Linux environment, you will need to run the dsm_c commands as the root user.