So going through v7, v8 and v9 of the certificate guides, I continued to have some issues getting the certificate to work, and the steps never included ways to add subject alternative names. Upon further research I have identified a good step-by-step to replace the Trend Micro DSM certificate and include subject alternative names using a Microsoft certificate authority.
1. Stop the “Trend Micro Deep Security Manager” service.
2. If not already created, create a folder on the root of C:\ called “certs”.
3. Go to C:\Program Files\Trend Micro\Deep Security Manager and create a new folder called “Backupkeystore”.
4. Copy .keystore and configuration.properties to the Backupkeystore folder.
5. Open an administrative command line and change directory to “C:\Program Files\Trend Micro\Deep Security Manager\jre\bin\”.
6. Run this command: “keytool -genkey -alias tomcat -keyalg RSA -dname cn=(FQDN of Server)”. This will create a “.keystore” file under the C:\Users\ directory.
7. When prompted for password, enter a password for the keystore.
8. Run this command: “keytool -certreq -keyalg RSA -alias tomcat -file certrequest.txt”.
9. When prompted for password, use the same password as entered in step 6.
10. Open the certrequest.txt located in C:\Program Files\Trend Micro\Deep Security Manager\jre\bin\ and copy the contents of the file.
11. Access the CA server site https://certsrv and click “Request a certificate”.
12. Select “advanced certificate request”.
13. Select “Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file”.
14. Paste the copied text from certrequest.txt in the “Base-64-encoded certificate request” field, select “Web Server” under Certificate Template, enter Subject Alternative Names under Additional Attributes using the following format: “san:dns=&dns=”, and click “Submit”.
15. Click “Download certificate chain” and save as “trend.p7b” in the certs folder on the C: drive.
16. From an administrative command prompt run this command: “keytool -import -trustcacerts -alias tomcat -file C:\certs\trend.p7b -keystore C:\Users\.keystore”.
17. When prompted for password, use the same password as entered in step 6.
18. When prompted to “Install reply anyway”, type “yes”.
19. Copy .keystore from C:\Users\%username%\ and paste it into C:\Program Files\Trend Micro\Deep Security Manager.
20. From an administrative command prompt change directories to C:\Program Files\Trend Micro\Deep Security Manager and run this command: “.\configuration.properties”. This will open configuration.properties in Notepad.
21. Look for the line keystorePass= and delete the entry after the = symbol, enter the password used in step 6 after the = and save and close the file.
22. Restart the “Trend Micro Deep Security Manager” service.
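
A check to run between downloading the chain and the keytool -import step, as an added example that is not part of the original guide: a Microsoft CA that is not configured to accept the san: request attribute issues the certificate without the requested names, so this PowerShell script reads C:\certs\trend.p7b and confirms the names are in the end-entity certificate. The names in $ExpectedNames are placeholders and the function names are hypothetical.

```powershell
# Added example, not part of the original guide: inspect the chain downloaded
# from the CA before running "keytool -import".
param(
    [string]$ChainPath = 'C:\certs\trend.p7b',                    # path used in the guide
    [string[]]$ExpectedNames = @('dsm.example.internal', 'dsm')   # placeholder names
)

function Get-LeafCertificate {
    param($Chain)
    # The leaf is the only certificate that did not issue another one in the bundle.
    $issuers = @($Chain | ForEach-Object { $_.Issuer })
    $Chain | Where-Object { $issuers -notcontains $_.Subject } | Select-Object -First 1
}

function Get-SanValue {
    param($Certificate)
    # OID 2.5.29.17 is the Subject Alternative Name extension.
    $ext = $Certificate.Extensions['2.5.29.17']
    if ($null -eq $ext) { return @() }
    # Format($true) prints one "label=value" entry per line; keep only the value
    # so the check does not depend on the localized label text.
    @($ext.Format($true) -split '\r?\n' |
        Where-Object { $_ -match '=' } |
        ForEach-Object { ($_ -split '=', 2)[1].Trim() })
}

$chain = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$chain.Import($ChainPath)            # Import() reads PKCS #7 (.p7b) bundles
$leaf = Get-LeafCertificate $chain
if ($null -eq $leaf) { Write-Error "No end-entity certificate found in $ChainPath"; exit 2 }

$san = Get-SanValue $leaf
$missing = @($ExpectedNames | Where-Object { $san -notcontains $_ })   # case-insensitive match

"Subject : $($leaf.Subject)"
"Expires : $($leaf.NotAfter)"
"SAN     : $($san -join ', ')"
if ($missing.Count -gt 0) {
    Write-Warning "Missing SAN entries: $($missing -join ', ')"
    exit 1
}
"All expected names are present."
```

An exit code of 1 means the issued certificate lacks at least one expected name, so the request should be resubmitted before the keystore is touched.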
