cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

How can I make my custom SSL certificate work in ePO?

Jump to solution

I have created a custom SSL certificate that is issued to the published DNS name with some SANs added to it. I have followed the steps mentioned as in KB article located at 

https://kc.mcafee.com/corporate/index?page=content&id=KB72477

and there is no error till I upload it. 

After uploading the certificate to ePO, the browser says it is invalid. 

The certificate is issued to ePO.companyname.com and agents can reach to this address as well. Also, is there a way to change the URL link to 

ePO.companyname.com:8443/core/orionSplashScreen.do? 

 

Thanks in advance. 
McAfee ePolicy Orchestrator 

Labels (1)
1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 5

Re: How can I make my custom SSL certificate work in ePO?

Jump to solution

The orion log is what you should be looking at.  You may have to stop all epo services to edit the shortcut file.

The only thing I can suggest is to either open a ticket with McAfee, or send me your certificate so I can check it out.  I will send you private message.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

4 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: How can I make my custom SSL certificate work in ePO?

Jump to solution

Does the cert have the root cert for your CA in the certificate chain?  Are you using the private key you generated originally in the KB to import (after removing password)?  

Yes, you can change the url.

In the root of the epo install directory, you will see a file called shortcut - full name is shortcut.url.  Go to properties of that file and change the url to the fqdn of the server.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 5

Re: How can I make my custom SSL certificate work in ePO?

Jump to solution

Also, does it give any other errors besides invalid?  Does the orion log show anything?  That is in the server\logs directory where epo is installed.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted

Re: How can I make my custom SSL certificate work in ePO?

Jump to solution

@cdinet

Q. Does the cert have the root cert for your CA in the certificate chain?  Are you using the private key you generated originally in the KB to import (after removing password)?  

A. Yes, the certificate chain contains the root certificate which was added using this command mentioned in KB, 

openssl> crl2pkcs7 -nocrl -certfile rootcertificate.crt -certfile certificatenew.crt -out epoupload.p7b

I uploaded a new key "unsecured.mcafee.key"file after removing the password by using this command as well. 

openssl> rsa -in mcafee.key -out unsecured.mcafee.key

 

 

And to add the fqdn I tried to edit the mentioned shortcut.url file but the file can't be modified. 

shortcuturl.JPG

 

The message is cannot apply changes to this internet shortcut. I tried to copy edited shortcut file after adding fqdn to another location. The replacement of original shortcut.url with the modified one was successful but if I open the pasted file to the ePO installed folder there are no changes. 

 

Q. Also, does it give any other errors besides invalid?  Does the orion log show anything?  That is in the server\logs directory where epo is installed.

A. I checked the log file called "localhost_access_log.log" and inside that the file is full of text 

"[07/May/2020:00:00:46 -0500] 0:0:0:0:0:0:0:1 POST /dcRedirect/dataChannelMsg.dc HTTP/1.1 - 200 [http-nio-8444-exec-17] [-] 0ms"

 

 

 

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 5

Re: How can I make my custom SSL certificate work in ePO?

Jump to solution

The orion log is what you should be looking at.  You may have to stop all epo services to edit the shortcut file.

The only thing I can suggest is to either open a ticket with McAfee, or send me your certificate so I can check it out.  I will send you private message.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community