cancel
Showing results for 
Search instead for 
Did you mean: 

McAfee Agent SHA-2 Certificate

Jump to solution

Can anyone please tell me how to check and confirm the SHA-2 certificates locally (client system)? I have generated the certificates but I haven't activated them yet so I would like to see if SHA-2 certificates are already downloaded on to our Windows Servers and Workstations. Thank you.

1 Solution

Accepted Solutions
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 6 of 8

Re: McAfee Agent SHA-2 Certificate

Jump to solution

A non-activated sha2 cert will have both sha1 and sha2, which is what you see there with 4 certs.  An activated one will show only 2 certs, but they should be sha2.  When you double-click on the cabundle.cer on an activated one, then you should see sha256 as the signature algorithm.  A sha1 cert will show sha1.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

7 Replies
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 8

Re: McAfee Agent SHA-2 Certificate

Jump to solution

You can go to certificate manager in epo and look for the percent of systems with the sha2 cert, but on the client side, you can check these steps:

Steps to verify on Client machine about the changes on ePO for certificate regeneration.

  1. On the client system, check the CABUNDLE.cer file with modified time, where the ASCI will receive the new updated sitelist cert info and updates the cabundle.cer file
  2. To verify the file is updated with SHA2 info before clicking on activation on ePO, edit the cabundle.cer file through the text editor, example open with Notepad or Notepad++ to see two sets of cert for SHA1 and if the client has received the sha2 certs, there will be 4 sets of certs.
  3. You can also match the cert info in cabundle.cer to ensure it is the same as what is in the sitelist.xml on ePO server in the root of the db folder in install directory.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: McAfee Agent SHA-2 Certificate

Jump to solution

thank you @cdinet - however, cabundle.cer is not available to all workstation for me to check. I have tried opening a sample in a notepad. but I am just seeing a gibberish texts.

-----BEGIN CERTIFICATE-----
MIIDUTCCAjmgAwIBAgIIIdYDHJgIR48wDQYJKoZIhvcNAQELBQAwPjEPMA0GA1UE
CgwGTWNBZmVlMQ4wDAYDVQQLDAVPcmlvbjEbMBkGA1UEAwwST3Jpb25fQ0FfU1RI
QTM4QTYxMB4XDTcwMDEwMTAwMDAwMFoXDTQ5MDIxNzE3MDcwMFowPjEPMA0GA1UE
CgwGTWNBZmVlMQ4wDAYDVQQLDAVPcmlvbjEbMBkGA1UEAwwST3Jpb25fQ0FfU1RI
QTM4QTYxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1KzEjdvZxQM
9eXBgiF/O6Fc2vawDfTIV/lu78ykmdGu/yH3xunmtu3AwrEhtOpmC9gYn77c6rgT
9Km3MvZoatikjk/vAiIepVclj2stLhnhSofL3pAoWUmrAg3XTQ8A8g1uJCTDM4eH
+VAwRrgODO6YpXf6JIE1rUGCF1Kl/R8FKIhWjOBKZkNnwM0gMClrvzsgL5WYjeSX
hgHK9fAk5qgnWiUUGdtvXUyUt1r9P8XMpBIXXVvAHWg7aO4aTlNEJa+2jdhmIXT5
4snRyMysa9NtyU+cDkVAIuoUToPI1iAG+wGClpz9VYUxC9GlYg40Z8d3P5OSA2/r
fwVBzTCGqwIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTqM1Bf
FnfttRIWEe/wNSFKIIebbDAfBgNVHSMEGDAWgBTqM1BfFnfttRIWEe/wNSFKIIeb
bDANBgkqhkiG9w0BAQsFAAOCAQEASyMdKOq1whlvlkeKRPVOXWAof1UbEAR8n+NS
P6u6+KRMHVCsM5aIyyX5Gfj9wwDqwCIm2YTNEP2zva2nNoGYf81M8oEl4KSOJWOx
tZATz5wasglzlnTp+922mAMZUQE0KLihFBF8rvocyXxxM7/Y29pWEULWu/jqSOpq
tSCHH7m9QlZrQ1fJmRMapZQm6eld7x+aGE0Z/WTxuaZWONthgzlZUncpoVqmR3bB
rkXzUkSuXSu3H2bvRqwHo3AgzLVo+hAnUfItIL+OUiaSaKuTjhObeucvYQtCf6FG
cCoVOKzdWIJt7XnhvEA1uDaegoXVR5JrH3ZmP99vfK8EW6VItw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDSzCCAjOgAwIBAgIIFGSIOW0xMtkwDQYJKoZIhvcNAQELBQAwPjEPMA0GA1UE
CgwGTWNBZmVlMQ4wDAYDVQQLDAVPcmlvbjEbMBkGA1UEAwwST3Jpb25fQ0FfU1RI
QTM4QTYxMB4XDTcwMDEwMTAwMDAwMFoXDTQ5MDIxNjE3MDcwMlowODEPMA0GA1UE
CgwGTWNBZmVlMQswCQYDVQQLDAJBSDEYMBYGA1UEAwwPQUhfQ0FfU1RIQTM4QTYx
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+m/Ae3mMCVPtyC8mwmX
6kOdA1tXVbrWaCWxW0EQclOrbxAkQyB4vgL8xQM047TkA4d430N9pZc1mranle/r
7gW8iaqqU0a6ijVnTz/cfuTDqg3K5/M2H1qylRmqWdheQp088w/T7qbrDxCzn36N
7xGbV80QmhA+YDEYALVC/AoEoricRDRviH5a15l18UFxL7Op2cMQw2UYez00RL89
2zshPn6bv9ao/NvRrh22s931ygFgcQpF/AEFTMaJDY+gH48R53OB4Uaj6tj60U+j
W+F4lzsmGxhZSFC3CU7xiOE3bOKtdH4gbVs4lD1eaWhh5c6HQpb+eD8ocRdUTuxp
mwIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR06QlZnVCqg694
5o5tZVP9H4z2jjAfBgNVHSMEGDAWgBTqM1BfFnfttRIWEe/wNSFKIIebbDANBgkq
hkiG9w0BAQsFAAOCAQEArfsF6o5CjWin25iUdkywdbx+Tl2pogNgOViXi6ZSIOXk
U+2cEKhfzKXtYuhnNQLu9gkcGkQxFAH+BX7K7VAj9vlGctO0VfMbSNPRp/LoGhT/
9VIC7JCanjGfV3Z9QuEZCiTUu0houRor9ezaTu/bB2iaPlpVV1Eq4sirgl1ey5EI
/AoC+grYbduO15VBylrqq/ICdRmROjHAa5bWRgpRHXNsaajmGrN4S1p33qIyQaN3
1cHKEQpXTqAebgrAA3o8T8cp1F5nZYoIkQ/vrAfrUy8otyaMhIZSPxrXnVgM+D4q
ly+h8ajofW9PjQA/7Ki2gU+EDxYmI7SYs4Fqlrw1zA==
-----END CERTIFICATE-----

 

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 4 of 8

Re: McAfee Agent SHA-2 Certificate

Jump to solution

That is what you will see.  The begin certificate to end certificate is one cert - your text output shows only 2 certs.  So the client you got that from hasn't received it yet.  What is the distribution percentage in certificate manager for your systems?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: McAfee Agent SHA-2 Certificate

Jump to solution

It's weird cause that cabundle.cer sample is from a workstation in our Non Prod ePO where the SHA-2 were activated. And this machine were also installed using the agent package from which SHA-2 is activated as well (non prod). However, a new sample below is from a windows server in our Prod ePO where the certificate is not activated yet but has the distribution percentage of 98%.

 

-----BEGIN CERTIFICATE-----
MIIDTzCCAjegAwIBAgIIYUxzVqPGeMMwDQYJKoZIhvcNAQEFBQAwPjEPMA0GA1UE
CgwGTWNBZmVlMQ4wDAYDVQQLDAVPcmlvbjEbMBkGA1UEAwwST3Jpb25fQ0FfU1RI
QTM4QTYyMB4XDTcwMDEwMTAwMDAwMFoXDTQzMDQyOTE3NDI1MVowPjEPMA0GA1UE
CgwGTWNBZmVlMQ4wDAYDVQQLDAVPcmlvbjEbMBkGA1UEAwwST3Jpb25fQ0FfU1RI
QTM4QTYyMIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEApCHFB8antsHU
4Y/DJQLz3ChoDlyHoJjs6rVOrT4zBKmYh76WkLdOu4XXes41iENuwvoO8h+iodd1
O1qC+bCQlaE7DPI4rNvAfdbNMmzb37YbQq+/VpWQ52uX6zgjwf+N48HLbl4j1Sym
O+qH2T+/3Zdx1H7qtXZBNNiL1g6FDk7QVLBH62XG3bAzYRiDuIjsdkppiEmd6JQr
sEnebwCEGpoIqw6Zedp+LqcJhW2SDs5TgofRhH2A4HXJ/ZUQ2A8/8CTuf19GGoH8
HykkwfWyqWAUjKIaJUPv1/7fzg9A8jRTN+6kvltVbYKWZRY4f4DWTh9FXh/3W7YD
yoMVPMcVgwIBA6NTMFEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUwVnd8KP6
IwM8QYSTY65Y4fFv9tMwHwYDVR0jBBgwFoAUwVnd8KP6IwM8QYSTY65Y4fFv9tMw
DQYJKoZIhvcNAQEFBQADggEBAIjTHgN2DS+J/by96ZyWEO94948EYFVEHHpjoTAt
rcuF3KYv3N+6MYGMApLKXTwwXgsqEdu2eYS/dOQSlm0HMnfooZWg9aOJR5aZpiNp
ZfxhKVTZCKWHxf9WASDchV8N9tkggZul215bdpFTU/MrA0qhJzxjeAZ5oBJrAoXZ
0YhiCf+iRsjTREZAwNQOPoYvP6WjZI5oz3lhByfGJGGUmRA985WfXvBwz9Z49kBy
GkpASPESOiaazGeb8bXIujICGLZkyUPBG1vQTcAk4GxRbN56xGfub+DY3dsnPmFU
YMhi4OLUoaStlNm114HYOwpHDhbmmZUvLa0Y4BjTDmtZMHc=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDSTCCAjGgAwIBAgIIBZd21JinM2gwDQYJKoZIhvcNAQEFBQAwPjEPMA0GA1UE
CgwGTWNBZmVlMQ4wDAYDVQQLDAVPcmlvbjEbMBkGA1UEAwwST3Jpb25fQ0FfU1RI
QTM4QTYyMB4XDTcwMDEwMTAwMDAwMFoXDTQzMDQyODE3NDQzMVowODEPMA0GA1UE
CgwGTWNBZmVlMQswCQYDVQQLDAJBSDEYMBYGA1UEAwwPQUhfQ0FfU1RIQTM4QTYy
MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEA5BcCTHGAOWcXuTNtVhKg
KbFN/7l3dD1EfeDccn0xcKz8XinH3Y2BUIWybYPSrpioNQAAYgF6iUjIGz2RcnZn
VKqDMHBI5tV1RwxhXArQNdVTnCM4JO42gpJ5BkCyysh08UEP4dcQaTo5CZBDTaaI
cYdYUNIFzU3WiKEfqxS93GcMMjHDb/OUNYILqztN2Jo77WwlMVjb7//5kCV312PI
wu8HBmWSEYuD07MhpZwnjDvQ4eikS2FBbH5bRDNwoUNxT/dDp3qdVqNw58phtRGn
pKNumnftKcgeJsAvg0CW4bN3LG07dVlZkGcei5U0oYDtHgpU8p/Vg9P65DYX7elD
DQIBA6NTMFEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU8ruuW18A2Bpv16R2
exdYkYXMzNQwHwYDVR0jBBgwFoAUwVnd8KP6IwM8QYSTY65Y4fFv9tMwDQYJKoZI
hvcNAQEFBQADggEBAHxOLx5oyemOuH7WatDLGqqfqY/uwz16H9TaFy9mx/tYIFcZ
eBU8h9oSXmmgskObUl8/yjfTZYKTgtHhp4QKUQ0tvAWPOi0YEVzjitb4mp2c29bL
WXfAWKxYeyKvwCP7BBS72AeipcZfkMezbbQbMWjFr/rQO9Jhr3o7C9JmN3C5wuFS
nQVeMLr+Styd6wmXCdrlg/x7FC5UWjQFEVLN97TVv6i2AabqyrxL+3ZnLjeyTJ1Z
LFdcUHds1tVHBbZ6Yxbcm2JkkxP1z97wRvHOClz0PlXDwDzP8AXgq6CrtI+LAR+U
x5cSEHBG2eyJJLF6G4gcFKC/soA3qrTKVjERBrM=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDUTCCAjmgAwIBAgIIJAgG8S2i4sYwDQYJKoZIhvcNAQELBQAwPjEPMA0GA1UE
CgwGTWNBZmVlMQ4wDAYDVQQLDAVPcmlvbjEbMBkGA1UEAwwST3Jpb25fQ0FfU1RI
QTM4QTYyMB4XDTcwMDEwMTAwMDAwMFoXDTQ5MDMxMTAxNTAwNFowPjEPMA0GA1UE
CgwGTWNBZmVlMQ4wDAYDVQQLDAVPcmlvbjEbMBkGA1UEAwwST3Jpb25fQ0FfU1RI
QTM4QTYyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTNURou2ZiYU
tRywu4b/qj5qiUEFTz3hN0VbHJIV17lbrtuYWpzwe++GPhANIkvapKVu9ZXhxcSZ
R5njIheI/WaIyolFUIrxO+d7px2i8Jgzy/ysd1T7CEyGnuAQkN1OLjHOAR892Cnn
F4L0yoPdvu0FnzLJpTwH8njLpwVkLgeQ7lPrEpWC2v4ezTa7cROj+du4wipNh04L
nl2pzTB/q6mtJLF8Q669q3rCJ//0Lf7FPyo2MjjuUO6avii2sY43r1fjHzM7CJW/
+si9DcvlRgD6qoGI5L7suoqCZ45/VfD5iOpv9tncg/WFrAb7JDqpfc79Wo0xMQkp
hJeTTAAFOQIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRmltME
sY24XsiQDvdxIGhPQeOACjAfBgNVHSMEGDAWgBRmltMEsY24XsiQDvdxIGhPQeOA
CjANBgkqhkiG9w0BAQsFAAOCAQEAYQLfrH3ogBMb7rHT8lAmo6pWG+HP/e4zmkxX
nyRiZYMXOnRMkvp4oC3diqJ2Fki3HcHfnQMiQM7AkQHusdWd+MPL9Xf63GrugsDL
IQKMNtUPbSUvdHO572Ah0RSaj4DAzmU7kxBA34tf7/KME72Ovol4RKBpQ5eee7uY
0QyVerkVr9qKFBXpC+41MISj9dwBFKSE7KFcJZakeOK/IehcM5t5tgpZYUipsND+
TpBBH6G2KIJnbRG/e+6q3tmSL7ayl5FCgfj+TegIaODo56tghRcDLzkXBwPGQpMn
VnBrRSEJyCQdq1H0AtzIaY4HTx0xozlTdnY1of7xl/zS6ZCkpw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDSzCCAjOgAwIBAgIINPFkNA4n0TYwDQYJKoZIhvcNAQELBQAwPjEPMA0GA1UE
CgwGTWNBZmVlMQ4wDAYDVQQLDAVPcmlvbjEbMBkGA1UEAwwST3Jpb25fQ0FfU1RI
QTM4QTYyMB4XDTcwMDEwMTAwMDAwMFoXDTQ5MDMxMDAxNTAwNVowODEPMA0GA1UE
CgwGTWNBZmVlMQswCQYDVQQLDAJBSDEYMBYGA1UEAwwPQUhfQ0FfU1RIQTM4QTYy
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6uBZrB1FfuK5xiwUReVt
TthO9FX8sUxfUfHZKyyg50YM6ZjaaaBrcorG+B6DoqS6x8FNVeesHaWWd53S+hAS
wWy92t773nLIQ5kIU2j9Z9z6f0hJAxWNKXm2dL82DROZnNzeBjb4j9foQCeIKU8O
vkXIse4vYjW/angI5xjG8u2IyZfGwW1jAQZkdut0uKYlYELKejdR9ynM3LyXmujt
8vxusstYnaFl9VH79PK8kBjOovWrr2TJ4cr3yI5cNjNSZFoZiP/9Fpz4i1DDZfkv
HWXIleSPRuZ0FPQBVAcyWFfx6OwFaK1kIFAs2QUhd49Mu1yh71UL7fYuIKSmoyxC
sQIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTSE43gwBlkXCIp
4Io9LC4jHv5WtjAfBgNVHSMEGDAWgBRmltMEsY24XsiQDvdxIGhPQeOACjANBgkq
hkiG9w0BAQsFAAOCAQEABnD+5d5TazRjt7LKrWsJoCMDMB8jnDZyeFM/f6tfwjGy
N/gCmT8IaIsoecNwbpOz/LZWJFVEB05fSoc1BSxzwaVpngf8gtEnLFs62TzHO/Yl
rkVRTD5dzBSrYszjCSKTNcWJe9F4sT07sndnQtFhQxzyzVe8r9jVq30DhGe1G9mB
7GgINeWoz2h622Gd9PO4B3spHTly3hrk4NGRsnWdUmVAfCN/r20O14J53OkVc4Q0
ax76F7pldk9pSfl4yHydbCDuMtTl8frGMKAx9a6UgiIl9dkCMqNk9uDGIYvGkm5C
twh52vpBXs5aqXid6TBnwd/YBokJ0QJxBS8JsKWDhQ==
-----END CERTIFICATE-----

 

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 6 of 8

Re: McAfee Agent SHA-2 Certificate

Jump to solution

A non-activated sha2 cert will have both sha1 and sha2, which is what you see there with 4 certs.  An activated one will show only 2 certs, but they should be sha2.  When you double-click on the cabundle.cer on an activated one, then you should see sha256 as the signature algorithm.  A sha1 cert will show sha1.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted

Re: McAfee Agent SHA-2 Certificate

Jump to solution

It all makes sense now. thank you so much, appreciate it!

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 8 of 8

Re: McAfee Agent SHA-2 Certificate

Jump to solution

Anytime - glad to help!

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community