McAfee EPOCDE-AA-BA Product Guide - Page 65
Configuring advanced server settings
Managing security keys

• When the client agent key updater task runs (McAfee ePO Agent Key Updater), agents using different public keys receive the current public key.
• If you are upgrading from ePolicy Orchestrator 4.0, the master key is unchanged. Whether or not you upgrade from version 4.0 or 4.5, the existing keys are migrated to your McAfee ePO 4.6 server.

Local master repository key pairs

• The repository secret key signs the package before it is checked in to the repository.
• The repository public key verifies the contents of packages in the master repository and distributed repository.
• The agent retrieves available new content each time the client update task runs.
• This key pair is unique to each server.
• By exporting and importing keys among servers, you can use the same key pair in a multi-server environment.

Other repository key pairs

• The secret key of a trusted source signs its content when posting that content to its remote repository. Trusted sources include the McAfee download site and the McAfee Security Innovation Alliance (SIA) repository. If this key is deleted, you cannot perform a pull, even if you import a key from another server. Before you overwrite or delete this key, make sure to back it up in a secure location.
• The agent public key verifies content that is retrieved from the remote repository.

Master repository key pair

The master repository private key signs all unsigned content in the master repository. This key is a feature of agents 4.0 and later.

Agents 4.0 and later use the public key to verify the repository content that originates from the master repository on this McAfee ePO server. If the content is unsigned, or signed with an unknown repository private key, the downloaded content is considered invalid and deleted.

This key pair is unique to each server installation. However, by exporting and importing keys, you can use the same key pair in a multi-server environment. This is a fallback measure that can help to ensure that agents can always connect to one of your master repositories, even when another repository is down.

Other repository public keys

Keys other than the master key pair are the public keys that agents use to verify content from other master repositories in your environment or from McAfee source sites. Each agent reporting to this server uses the keys in the Other repository public keys list to verify content that originates from other McAfee ePO servers in your organization, or from McAfee-owned sources.

If an agent downloads content that originated from a source where the agent does not have the appropriate public key, the agent discards the content.

These keys are a new feature, and only agents 4.0 and later are able to use the new protocols.

Working with repository keys

Use these tasks to work with and manage repository keys.

McAfee® ePolicy Orchestrator® 4.6.0 Software Product Guide 65
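
The agent-side decision described under "Master repository key pair" and "Other repository public keys", as an added example that is not McAfee code and not part of the product guide. Ed25519 from the Go standard library stands in for the product's actual algorithm and package format, which this page does not describe; the `Package` and `TrustStore` types, the fingerprint scheme and the sample content are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Package is a constructed stand-in for repository content (not the ePO format).
type Package struct {
	Name               string
	Content, Signature []byte // empty Signature means unsigned content
}

// TrustStore models the agent's master key plus "Other repository public keys".
type TrustStore map[string]ed25519.PublicKey

var ErrUnsigned, ErrUntrusted = errors.New("unsigned content"), errors.New("signed by unknown key")

// Add imports a public key and returns its short fingerprint (assumed scheme).
func (ts TrustStore) Add(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	ts[hex.EncodeToString(sum[:8])] = pub
	return hex.EncodeToString(sum[:8])
}

// Sign plays the server role: the repository private key signs content at check-in.
func Sign(priv ed25519.PrivateKey, name string, content []byte) Package {
	return Package{name, content, ed25519.Sign(priv, content)}
}

// Verify returns the trusted key's fingerprint; on error the download is deleted.
func (ts TrustStore) Verify(p Package) (string, error) {
	if len(p.Signature) == 0 {
		return "", fmt.Errorf("%s: %w", p.Name, ErrUnsigned)
	}
	for fp, pub := range ts {
		if ed25519.Verify(pub, p.Content, p.Signature) {
			return fp, nil
		}
	}
	return "", fmt.Errorf("%s: %w", p.Name, ErrUntrusted)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key pair
	ts := TrustStore{}
	ts.Add(pub)
	fmt.Println(ts.Verify(Sign(priv, "constructed-update", []byte("sample content"))))
}
```

Content that was altered after signing fails the same way as content signed by a key the agent never imported, so one discard path covers both cases.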