McAfee EPOCDE-AA-BA Product Guide - Page 37
SSL certificates, Replacing the server certificate
View all McAfee EPOCDE-AA-BA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 37 highlights
Configuring general server settings Configuring general server settings 4 Task For option definitions, click ? in the interface. 1 Click Menu | Configuration | Server Settings, select Proxy Settings from the Setting Categories, then click Edit. 2 Select Configure the proxy settings manually, provide the specific configuration information your proxy server uses for each set of options, then click Save. SSL certificates The browsers supported by McAfee ePO show a warning about a server's SSL certificate if it cannot verify that the certificate is valid or signed by a source that the browser trusts. By default, the McAfee ePO server uses a self-signed certificate for SSL communication with the web browser, which, by default, the browser will not trust. This causes a warning message to display every time you visit the McAfee ePO console. To stop this warning message from appearing you must do one of the following: • Add the McAfee ePO server certificate to the collection of trusted certificates used by the browser. This must be done for every browser that interacts with McAfee ePO. If the browser certificate changes, you must add the McAfee ePO server certificate again since the certificate sent by the server no longer matches the one that the browser is configured to use. • Replace the default McAfee ePO server certificate with a valid certificate that has been signed by a certificate authority (CA) that the browser trusts. This is the best option. Because the certificate is signed by a trusted CA, you do not need to add the certificate to all web browsers within your organization. If the server host name changes, you can replace the server certificate with a different one that has also been signed by a trusted CA. To replace the McAfee ePO server certificate, you must first obtain the certificate - preferably a certificate that has been signed by a trusted CA. You must also obtain the certificate's private key and its password (if it has one). Then you can use all of these files to replace the server's certificate. For more information on replacing server certificates, see Security keys and how they work. The McAfee ePO browser expects the linked files to use the following format: • Server certificate - P7B or PEM • Private key - PEM If the server certificate or private key are not in these formats, they must be converted to one of the supported formats before they can be used to replace the server certificate. Replacing the server certificate Use this task to specify the server certificate and private key used by ePolicy Orchestrator. For option definitions, click ? in the interface. Task 1 Click Menu | Configuration | Server Settings, then click Server Certificate in the Settings Categories list. 2 Click Edit. The Edit Server Certificate page appears. 3 Browse to the server certificate file and click Open. McAfee® ePolicy Orchestrator® 4.6.0 Software Product Guide 37