I know McAfee has provided an EEDK_PKG1001.zip to deploy the USERTrustRSACertificationAuthority.crt root certificate to endpoint systems, which works great. My question is... Will McAfee also provide a package to deploy the remaining certificates needed to validate the digital signatures before installing or upgrading McAfee ENS 10.7? The certificates I am referring to are listed in knowledge base article KB91697.
If not, has anyone been able to successfully deploy them via "registry" GPO? We have attempted to deploy them via GPO but the certs aren't replicating to the Third-Party store.
Thank you in advance for any help/guidance you can provide.
The KB you mentioned has a reg file that can be used for GPOs as well as a bat file that can be run on the systems. You can also download EEDK and create your own package to push out the .bat file.
This is the getting started guide:
This is where you can download it from.
Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
That is quite possible; I haven't tried using GPO for that.
I see some in both trusted root and 3rd party trusted root, so I am not sure if it is critical or not as to which one. You can let your SR owner clarify that with dev. Otherwise I can ask them on a call Wednesday with them.
I received confirmation from Technical Support that the certificates must exist in the Intermediate store (CA) and the Third-Party store (AuthRoot) according to the KB article below:
https://kc.mcafee.com/corporate/index?page=content&id=KB91697
The specific questions I asked were:
1. Can they exist in BOTH Trusted Root and Third-Party Root?
Answer: Technically, yes (since Third-Party Root is a subset of the Trusted Root certification authorities, it should work fine)
2. Can they exist in Trusted Root ONLY (and not in Third-Party Root)?
Answer: They did not say yes or no (I believe the answer is no). Technical Support advises to follow best practice to ensure no issues are encountered. They advise to follow the KB article and ensure the respective certificates are in the Third-Party Root store.
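
To check the store placement discussed in this thread on an endpoint, the following PowerShell audit (an added example, not from the thread or from McAfee's KB) reads the .crt files and reports which LocalMachine stores hold each one. The folder path is an assumed location for the files downloaded from KB91697, and treating self-signed certificates as roots (expected in AuthRoot) and all others as intermediates (expected in CA) is an assumption of this example.

```powershell
# Added example: audit where the KB91697 certificates are installed.
# Assumption: $CertFolder holds the .crt files downloaded from the KB article.
param([string]$CertFolder = 'C:\Temp\KB91697')

# Logical stores under Cert:\LocalMachine:
#   Root = Trusted Root, AuthRoot = Third-Party Root, CA = Intermediate
$stores = 'Root', 'AuthRoot', 'CA'

$results = foreach ($file in Get-ChildItem -Path $CertFolder -Filter *.crt) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file.FullName

    # Assumption: self-signed => root (expected in AuthRoot); otherwise intermediate (expected in CA).
    $expected = if ($cert.Subject -eq $cert.Issuer) { 'AuthRoot' } else { 'CA' }

    # Look the certificate up by thumbprint in each store.
    $foundIn = @($stores | Where-Object {
        Test-Path -LiteralPath "Cert:\LocalMachine\$_\$($cert.Thumbprint)"
    })

    $status = if ($foundIn -contains $expected) { 'OK' }
              elseif ($foundIn.Count -gt 0)     { 'OtherStoreOnly' }  # e.g. Trusted Root but not Third-Party
              else                              { 'Missing' }

    [pscustomobject]@{
        File       = $file.Name
        Thumbprint = $cert.Thumbprint
        Expected   = $expected
        FoundIn    = $foundIn -join ','
        Status     = $status
    }
}

if (-not $results) {
    Write-Warning "No .crt files found in $CertFolder"
    exit 2
}

$results | Format-Table -AutoSize

# Non-zero exit code lets a deployment task or compliance check flag the endpoint.
$bad = @($results | Where-Object { $_.Status -ne 'OK' })
if ($bad.Count -gt 0) { exit 1 }
```

A status of `OtherStoreOnly` corresponds to the case raised in question 2, where a certificate is present in Trusted Root but not in the Third-Party store.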