cancel
Showing results for 
Search instead for 
Did you mean: 
Jimmyl
Level 8
Report Inappropriate Content
Message 1 of 3

PER request to replace the self-signed SSL cert on the EPO "Agent Handler" with a valid SSL cert

Jump to solution

Hi Mcafee supports,

I was told by the support team to request a PER to replace the self-signed SSL certificate on the EPO "Agent Handler" with a valid SSL certificate signed by a valid CA. Currently there is no option to import a valid SSL certificate to the Agent Handler. 

We did a security audit on our external facing servers and the Agent Handler is on the list of High Risk. Here is the finding description and remediation from the report:

Finding Description:

Self-Signed SSL Certificates
Self-signed SSL certificates do not provide server authentication. Conversely, such certificates train the users to accept invalid certificates which would make them used to accepting rogue certificates. The use of self-signed or expired certificated puts the entire communication channel into jeopardy.

Remediation:

Use valid SSL certificates signed by a valid CA such as VeriSign or use a trusted internal certificate authority.

1 Solution

Accepted Solutions
McAfee Employee hem
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: PER request to replace the self-signed SSL cert on the EPO "Agent Handler" with a vali

Jump to solution

I suggest to submit IDEA #: 

https://community.mcafee.com/t5/Business-Ideas/idb-p/business-ideas   

and click on 'Suggest IDEA'

 

 

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?please select Accept as Solution in my reply and together we can help other members?
2 Replies
McAfee Employee hem
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: PER request to replace the self-signed SSL cert on the EPO "Agent Handler" with a vali

Jump to solution

I suggest to submit IDEA #: 

https://community.mcafee.com/t5/Business-Ideas/idb-p/business-ideas   

and click on 'Suggest IDEA'

 

 

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?please select Accept as Solution in my reply and together we can help other members?

PER request to replace the self-signed SSL cert on the EPO "Agent Handler".

Jump to solution
We need assistance with this issue as our Security Certificate team states we must use our own generated certificates and not McAfee's. We have a temporary security exception approved for 3 months to continue using self-signed certificates but we need an Engineer on a call with our PKI Certificate team and our team to answer some questions and confirm for us that this exception is still needed. Since our exception is only temporarily approved this is somewhat urgent. We are aware we can use our own CA for browser certificates. the scope of what the customer is asking is: Can DEV provide a solution for Apache certs to utilize a local CA internally in the environment that would replace the Orion_CA" The cause for this product idea is we have an internal requirement where we cannot allow self signed certs. We have been given exceptions for years and now have been told that they need a direction before future exceptions will be made. Our request is "will this be available in the future (yes or no) and if yes, then when. If not, then a definitive explanation as to why McAfee will not be able to accommodate this. " We opened SR # <4-20309892561> regarding this issue. It has since been closed and this PER created.
More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community