cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
LukasNew
Level 7
Report Inappropriate Content
Message 1 of 7

ePO 5.9.1 Certificate migration : Migration from SHA-1 to SHA-2 certificates

Jump to solution

Hello,

If I successfully migrate from SHA-1 to SHA-2 certificates and then install McAfee agent package which was created before a migration.

Will the communication work fine between McAfee Agent and ePO ? Or after a migration I will have to create a new installation package of McAfee Agent ?

and

If I transfer a machine from ePO where is still SHA-1 to ePO with SHA-2 certificate. Will the communication work fine between McAfee Agent and ePO.

Thanks a lot for your help.

Lukas

 

 

1 Solution

Accepted Solutions
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 7

Re: ePO 5.9.1 Certificate migration : Migration from SHA-1 to SHA-2 certificates

Jump to solution

Will the communication work fine between McAfee Agent and ePO ? Or after a migration I will have to create a new installation package of McAfee Agent ?

Yes, create a new installation package

If I transfer a machine from ePO where is still SHA-1 to ePO with SHA-2 certificate. Will the communication work fine between McAfee Agent and ePO.

Yes, it will work, as the transfer systems will give the client the new sitelist with the new sha2 cert info

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

6 Replies
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 7

Re: ePO 5.9.1 Certificate migration : Migration from SHA-1 to SHA-2 certificates

Jump to solution

Will the communication work fine between McAfee Agent and ePO ? Or after a migration I will have to create a new installation package of McAfee Agent ?

Yes, create a new installation package

If I transfer a machine from ePO where is still SHA-1 to ePO with SHA-2 certificate. Will the communication work fine between McAfee Agent and ePO.

Yes, it will work, as the transfer systems will give the client the new sitelist with the new sha2 cert info

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

msmiley
Level 9
Report Inappropriate Content
Message 3 of 7

Re: ePO 5.9.1 Certificate migration : Migration from SHA-1 to SHA-2 certificates

Jump to solution

We're about to start our certificate migration.  Regarding creating a new installation package or smartinstallers, does the new installation still get the old certifcate until the the "Finish Migration" button is clicked or do new installations get the new certificate while the migration is in progress?

 

LKS
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 7

Re: ePO 5.9.1 Certificate migration : Migration from SHA-1 to SHA-2 certificates

Jump to solution

Hi msmiley,

Yes clients will still communicate on SHA1 until you click on Finish Migration.

Was my reply helpful?

If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a Solution" if this reply resolves your query!

msmiley
Level 9
Report Inappropriate Content
Message 5 of 7

Re: ePO 5.9.1 Certificate migration : Migration from SHA-1 to SHA-2 certificates

Jump to solution

Let me rephrase.

If I start the migration, will any new smartinstallers created before clicking Finish be using SHA2 or SHA1? I'm trying to plan if I need to immediately create all new SmartInstallers right after clicking Finish or can it be done beforehand. 

LKS
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 7

Re: ePO 5.9.1 Certificate migration : Migration from SHA-1 to SHA-2 certificates

Jump to solution

If I start the migration, will any new smartinstallers created before clicking Finish be using SHA2 or SHA1? 

Clients will still communicate on SHA1. 

Once you click Finish Migration, then you have to create a new SMartinstaller for further deployment. Because once you click Finish migration, agents start communicating on SHA2 where as your existing SMartinstaller will contain SHA1 which will not communicate. Hence you need to create a new URL right after "finish migration".

Hope this clears your doubt.

Was my reply helpful?

If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a Solution" if this reply resolves your query!

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 7

Re: ePO 5.9.1 Certificate migration : Migration from SHA-1 to SHA-2 certificates

Jump to solution

Any agent installs before clicking finish will have both sha1 and sha2 certificates.  Once a client receives that agent with both certs, it will use the sha2 cert.  The sha1 is there in the event the migration is cancelled for any reason, the agents can still then communicate with the sha1 cert.  

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community