6 Replies Latest reply on Jun 14, 2011 9:26 PM by svenki24

    Generate CSR for ePO web server cert

      Does anyone have instructions to generate a CSR for the cert so I can request a signed cert for our CA. I am a bit confused because I thought one of the requirements for installing ePO was an IIS installation. However, it seems to me that the web service is using tomcat. Any clarification and guidance would be great!

      Thanks
        • 1. RE: Generate CSR for ePO web server cert
          hi,

          yes, as you say - ePO generates a self signed certificate during install, and therefore unless you establish a trust, you will always get a message that the certificate could not be validated.

          it is probably possible to insert a certificate signed by your own CA, but im guessing it would be unsupported.
          its something id like to have a go at ( using a non self signed cert) just to see if it works...
          • 2. RE: Generate CSR for ePO web server cert
            cdobol

            Bringing this thread back from the dead.  Maybe after 3 years and with EPO 4.5 around there is a way to do this.  Anyone know how to generate a CSR cert so I can request a signed cert for our CA?

            • 3. Generate CSR for ePO web server cert

              KB52736 says "At this time, McAfee does not support configuring and using a custom SSL certificate with ePO 4.0, however ePO 4.5 does support the use of custom SSL certificates." (https://kc.mcafee.com/corporate/index?page=content&id=KB52736)

               

              KB66282 says "For more information on SSL Keys, refer to page 33 (SSL Certificates) and page 34 (Installing a trusted security certificate for the ePO browser) in the ePO 4.5 Product Guide" (https://kc.mcafee.com/corporate/index?page=content&id=KB66282)

              • 4. Re: Generate CSR for ePO web server cert

                I've same the issue. We're not sure how to generate CSR out from the EPO server. KB66282 (page 33/34) does not have any detail on how to create CSR. 

                 

                We're planning to have entrust cert for ePO server, to submit the cert request we need the CSR generated from the ePO server.

                 

                Any guidance would be great

                 

                Thanks,

                • 5. Re: Generate CSR for ePO web server cert

                  Couldn't you use the Certficates MMC snap-in or something like OpenSSL to generate the CSR? http://www.completessl.com/csr_openssl.php

                  • 6. Re: Generate CSR for ePO web server cert

                    Thanks for your inputs - I've managed to generate the CSR and obtained certificate from entrust. However after applying the cert and the private key in the MacAfee console(refer the below steps), still my clients are getting “certificate error”. Upon investigation we've noticed that the installed certificate is NOT associated with private key. (I’ve not imported the cert directly using certificate mmc console)

                     

                    1.             Log on to the ePO 4.5 console.

                    2.             Click Menu.

                    3.             Click Configuration, Server Settings, then click Server Certificate in the Settings Categories list.

                    4.             Click Edit.

                    5.             Browse to the server certificate file and click Open.

                    6.             Browse to the private key file and click Open.

                    7.             If needed, type the private key password.

                    8.             Click Save

                     

                    Meaning if double click and view the certificate in the server, I’m not seeing "You have a private key that corresponds to this certificate"  and also in my personal store (local computer) cert is not imported automatically.