cancel
Showing results for 
Search instead for 
Did you mean: 
bgfs
Level 7
Report Inappropriate Content
Message 1 of 8

Web Recovery

I'm managed to get the WebRecovery up and running once with the test cert but following removal and installation of our own cert the Safeboot HTTP Service won't start. I've tried reinstalling the Test cert again but the web service starts but closes straight away. Anyone got any ideas?
7 Replies
bgfs
Level 7
Report Inappropriate Content
Message 2 of 8

RE: Web Recovery

Solved it for the moment. reinstalled the test cert and the service restarted ok

RE: Web Recovery

Did you set the Server.Ssl.CertName variable to the hostname used in the cert in the sbhttp.ini file?
HenryC
Level 7
Report Inappropriate Content
Message 4 of 8

RE: Web Recovery

hi,
one question, where you get the certificate? I thought, SafeBoot only accept Verisign and SafeBoot's...
I will also recommend to enable the following options in sbhttp.ini to debug your problem...
Server.Log.FileName=/xxx.log
Server.Log.Flags=00000005
(or some other level of log...)
mrgui
Level 7
Report Inappropriate Content
Message 5 of 8

RE: Web Recovery

You can generate your own certificate. You just need to add your internal CA to the trusted certificates (for whole server or the SB service). You will have to import the certificate into the SafeBoot web service itself. Make note of the name you give the certificate (subject), because that is how you reference it in SBHTTP.INI

I can put in more specifics, but I don't have that documentation with me at the moment.

We did our own certificate (not verisign). Putting your own certificate in helps get rid of the untrusted site warning on IE 6 and complete failure on IE 7.

As far as the freebies that come with SafeBoot, the current SafeBoot CA expired on 20Apr2008 and the server certificate (127.0.0.1) expires next year (I think).
Highlighted
nasky
Level 7
Report Inappropriate Content
Message 6 of 8

RE: Web Recovery


How to generate SSL Certificate for safeboot using Microsoft CA? Any advise?
Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 7 of 8

RE: Web Recovery

just create a server auth certificate, with the name being the full name of your server as the users will use (eg if the address is https:\\myserver.mycompany.com then the server name will be myserver.mycompany.com.
mrgui
Level 7
Report Inappropriate Content
Message 8 of 8

RE: Web Recovery

You then import it into the SafeBoot server like the built-in generic cert (only properly named). If I remember correctly, the certificate file must be in PFX format. Your Certificate Server admins should know how to do that (if not, you can convert it yourself using OpenSSL). Just make sure that you renew it before it expires, because it is easy to forget about that X years later.

Be sure to set your HTTP.INI (or the other one named similar, can't remember) to use the new certificate name.
More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support
  • The McAfee ePO Support Center Plug-in is now available in the Software Manager. Follow the instructions in the Product Guide for more.