yes, as you say - ePO generates a self signed certificate during install, and therefore unless you establish a trust, you will always get a message that the certificate could not be validated.
it is probably possible to insert a certificate signed by your own CA, but im guessing it would be unsupported.
its something id like to have a go at ( using a non self signed cert) just to see if it works...
Bringing this thread back from the dead. Maybe after 3 years and with EPO 4.5 around there is a way to do this. Anyone know how to generate a CSR cert so I can request a signed cert for our CA?
KB52736 says "At this time, McAfee does not support configuring and using a custom SSL certificate with ePO 4.0, however ePO 4.5 does support the use of custom SSL certificates." (https://kc.mcafee.com/corporate/index?page=content&id=KB52736)
KB66282 says "For more information on SSL Keys, refer to page 33 (SSL Certificates) and page 34 (Installing a trusted security certificate for the ePO browser) in the ePO 4.5 Product Guide" (https://kc.mcafee.com/corporate/index?page=content&id=KB66282)
I've same the issue. We're not sure how to generate CSR out from the EPO server. KB66282 (page 33/34) does not have any detail on how to create CSR.
We're planning to have entrust cert for ePO server, to submit the cert request we need the CSR generated from the ePO server.
Any guidance would be great
Thanks for your inputs - I've managed to generate the CSR and obtained certificate from entrust. However after applying the cert and the private key in the MacAfee console(refer the below steps), still my clients are getting “certificate error”. Upon investigation we've noticed that the installed certificate is NOT associated with private key. (I’ve not imported the cert directly using certificate mmc console)
1. Log on to the ePO 4.5 console.
2. Click Menu.
3. Click Configuration, Server Settings, then click Server Certificate in the Settings Categories list.
4. Click Edit.
5. Browse to the server certificate file and click Open.
6. Browse to the private key file and click Open.
7. If needed, type the private key password.
8. Click Save
Meaning if double click and view the certificate in the server, I’m not seeing "You have a private key that corresponds to this certificate" and also in my personal store (local computer) cert is not imported automatically.