Anyone know if ePO 5.3.2 supports migration to a SHA-2 certificate?
We were planning to upgrade our ePO to 5.9 and one of the items to be checked is as stated in the subject line. I just need verification, since I can't find any documents that will answer my inquiry.
You can upgrade to ePO 5.9 "as is"; no need to take action at this point on the SHA-1/SHA-2 setup.
The need to migrate to SHA-2 comes about after that point.
SHA-2/SHA-256 support with McAfee products
Technical Articles ID: KB88228
Once you have an active install then move on to work through this article:
Migration from SHA-1 to SHA-2 certificates is required after upgrading to ePolicy Orchestrator 5.9
Technical Articles ID: KB87017
As the above article cautions and reads:
"Solution CAUTION: Read all these instructions carefully before proceeding with the steps. Failure to wait for sufficient agent saturation in step 5 can result in large numbers of agents failing to communicate until the agent is reinstalled. This solution can only be performed on an ePO 5.9 server because Certificate Manager is a new feature introduced in ePO 5.9."
"5. Wait for sufficient saturation of the new certificates when certificate regeneration completes, BEFORE you continue."
The reference to step 5 and the wait period it describes is critical, as to 'activate' this operation before all agents have migrated will render them unable to communicate, and you will be doing a reinstall of each agent to correct the matter; there is no second option in this activity!
To help, I found this article for you about ePO 5.9.1 and a Hotfix that should be collected and installed (solution 2) - Hotfix 1226775.
Agent-server communication fails after migration of Agent Handler certificates from SHA-1 to SHA-2
Technical Articles ID: KB90182
As with this or any other upgrade or version change for any reason, I strongly advise that a FULL backup (snapshot) of ePO and its DB is done first. Verify that it is good and valid; then, in the event of any unforeseen issue appearing, you have a safe and valid start point to return to.
ePolicy Orchestrator server backup and disaster recovery procedure
Technical Articles ID: KB66616