Product guide

ManualsBrandsMcafee ManualsOtherFIREWALL 2.1-GETTING STARTED

141

142

143

144

145

146

147

148

149

150

Set up the environment for Microsoft CA authentication

To use certificates generated by Microsoft CA, perform these tasks in addition to the other mandatory

tasks for setting up ePO Deep Command.

We recommend that you use certificates generated by ePO Deep Command root CA to simplify the

configuration process. If you're using Microsoft CA for your environment, use it only for remote

configuration.

• (Optional) If your enterprise CA is located in a different domain than McAfee ePO, import CA

certificates to the certificate store of McAfee ePO.

• (Optional) If you need chain of certificates for authentication, create a certificate chain to import.

• Import Microsoft CA certificates to McAfee ePO.

• Create a certificate template.

• Enable the certificate template.

• Issue certificates automatically.

• Create a configuration profile that uses Microsoft CA to create certificates.

• (Optional) If you're using ePO Deep Command Gateway services, generate Microsoft CA certificates

to use with the Stunnel configuration.

Tasks

• Import certificates to server on page 151

In an environment where McAfee ePO is deployed across different domains, import

Microsoft CA certificates to the system where McAfee ePO or Agent Handler is installed.

• Create a certificate chain on page 151

You can copy the root and intermediate certificates to a single file and save it as a Privacy

Enhanced Mail (PEM) file.

• Import certificates to McAfee ePO on page 152

Import and activate Microsoft CA certificates to McAfee ePO.

• Create a certificate template on page 152

Create a remote configuration certificate template for the Intel

AMT configuration when

you're using self-signed CA certificates.

• Enable the certificate template on page 154

Enable the certificate template that you created for Intel

AMT configuration.

• Issue certificates automatically on page 154

Configure to issue certificates automatically to avoid sending the certificate requests to

"pending" queue.

• Create a configuration profile that uses Microsoft CA certificates on page 154

When you're creating a profile, select the Microsoft CA option as a method for creating

certificates.

• Generate certificates for Stunnel using Microsoft CA on page 156

Generate certificates from Microsoft CA to use with Stunnel configuration.

Additional information

Set up the environment for Microsoft CA authentication

150

McAfee ePO Deep Command 2.1.0 Product Guide