If you want to change the FQDN of your DualShield Server or switch it from HTTP to HTTPS, you can use the DualShield FQDN Tool to accomplish this. This article outlines how to use the tool and the different options available to use within it.
You can download load the tool by login on to http://support.deepnetsecurity.com/, clicking on downloads, selecting the Dualshield platform and version and going into the tools section:
Firstly, the tool needs to be run on the DualShield Server itself, this is for a few reasons of which the tool will safely stop DualShield before making any changes to the configuration and also so that the connection to the Database is guaranteed to work when making the necessary changes.
To use the tool, you need to first specify the DualShield Directory by clicking the browse button at the top and selecting the base directory for DualShield (typically located at C:\Program Files\Deepnet DualShield). The tool will then read the contents of the provided directory to obtain all the necessary information on DualShield's current status and database connectivity. The window will then look something like this:
As you can see, the values for Current FQDN, Database Type and Database Location have been automatically populated and the DualShield Status has been detected. The connectivity to the DualShield Database is also automatically checked prior to making any changes and the status can be seen by examining the database location line for . If the database connection fails, you will not be able to make any changes until it is resolved. The tool works for both MySQL and Microsoft SQL databases currently and it will automatically detect if DualShield is operating on HTTP or HTTPS.
Once you have loaded in a DualShield Directory and the connection to the database is working, you are now able to configure the options section. The Change FQDN option is used if you would like to change the current FQDN of DualShield. This can be left unchecked if you wish to keep the same FQDN but switch DualShield to HTTPS. If you are running DualShield on HTTP, you have the ability to switch it to HTTPS by selecting the Change HTTP to HTTPS option. If this option is then checked, it is required that you either select the Generate Self Signed Certificate or Import Certificate (.pfx) options. The Generate option will create a Self CA Signed Certificate for you and import it into the Windows keystore. The Import option will require you to provide a .pfx certificate file which will then be imported into DualShield. If you use this option, you will be asked to provide the password used to secure the certificate:
After successfully importing your .pfx certificate, the Change FQDN field will automatically checked for you and filled in:
Editing the FQDN after this will not be allowed (as it has to match the certificate Subject CN) unless the supplied certificate is using wildcard naming.
Once you have configured your desired options, you are then ready to Execute the changes to DualShield. Click the Execute button to start the change process, if valid options have been configured, you will be presented with a summary confirmation box to confirm the changes:
After clicking OK, the DualShield service will checked to see if it is running and inform you that it will be automatically stopped if so:
If you have selected OK to both these prompts, the change process will begin. Once completed, a new window will appear with the results of the operation:
If you see the line "Successfully Changed FQDN!" then the changes have been made successfully to the local files and database. The DualShield service is automatically started when the process is completed. You will need to check the status of DualShield starting via the task manager and wait until the CPU usage has normalised.
After DualShield has started, just click on the desktop icon for the management console as usual and you will be redirected to the new FQDN of DualShield via web browser.