cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 8
Report Inappropriate Content
Message 1 of 2

Custom SSL certificate installation on Agent Handler

Hello all - we've run into an issue as a result of a scan/audit against our Agent Handler.

First - a little background:

We are running ePO 5.1 on the internal network.  I've deployed an Agent Handler in the DMZ and opened up https from the outside to the handler so our remotely deployed laptops can communicate back and forth with the ePO environment (run reports, manage policies, push updates, etc).  This has all been working nicely since I set it up a couple months ago.

Our parent company runs tests against our externally-facing services (http/s, smtp, etc..) using the Critical Watch FusionVM product.  They've identified the "SSL - Certificate Authenticity & Trust Chain Validation" issue on our Agent Handler, and are requiriing us to install a signed certificate from a trusted CA.  I can only assume that this problem exists because the Apache server that is integrated into the Agent Handler service is using a self-signed certificate.

Is there a way to install an SSL certificate on the Apache web service, signed by a trusted CA, that would then be used for remote client to Agent Handler communications?

I did some searches and found this post from last August - sadly - at that time, it doesn't appear that this was possible but I'm hoping there is an update or work-around.  https://community.mcafee.com/thread/59072

Please do not confuse this with Agent Handler to ePO server communications - this traffic is internal, not exposed to the outside, and not a factor in this audit.

I fear if our parent company pushes on this, we might be forced to discontinue use of our DMZ Agent Handler, which would put our remote user population at greater risk.  Therefore, if this is not possible, I'll need to collect and supply appropriate documentation in hopes of being granted an exception.

Thanks,

Michael Pare

1 Reply
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: Custom SSL certificate installation on Agent Handler

Please open a case with Support and asl for it to be escalated - I believe our engineering department can provide documentation to support your environment.

HTH -

Joe

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community