Product guide
Import certificates to server
In an environment where McAfee ePO is deployed across different domains, import Microsoft CA
certificates to the system where McAfee ePO or Agent Handler is installed.
Before you begin
• Perform this task only if McAfee ePO is not in the same domain with enterprise CA\PKI.
• Specify ePO Deep Command credentials and import the Server Authentication Certificate
in McAfee ePO.
In an enterprise CA\PKI, the Microsoft directory service automatically replicates the root or
intermediate certificates. If it's a standalone CA or non-Microsoft PKI, and if the required certificates
are not available, perform this task. This prevents 401 or 12175 errors from being displayed in the
AMTService.log file.
When you use Internet Explorer to install the certificate to your Trusted Roots certificate store, it
affects only the current user's certificates and not the local system. Users must use the Microsoft
Management Console certificates to install on the local system or a service account. You must be
check in these certificates to Trusted Root Certification and Intermediate Certification Authorities, then restart the
McAfee ePO services.
These instructions are specific to importing the root or intermediate certificate of the CA that was used
for creating and signing the Server Authentication Certificate.
Task
For option definitions, click ? in the interface.
1
On the McAfee ePO server, run mmc from the command prompt.
2
Select File | Add/Remove Snap-in, then click Add.
3
In Add Standalone Snap-in, select Certificates, then click Add.
4
From the Certificates snap-in page, select Computer Account, then click Next.
5
From the Select Computer page, select Local Computer, then click Finish.
6
Click Close, then click OK.
7
Go to Console Root and expand Certificates (Local Computer), then expand Trusted Root Certification Authorities.
The Certificates folder must be displayed in the right pane. Right-click Certificates, then click all Tasks |
Import.
8
In the Certificate Import wizard, click Next, then Browse and select the CA Certificate. Make sure that
Trusted Root Certification Authorities is where the certificate is stored. Click Next, then click Finish to
complete the certificate importing process.
9
Go to Console Root and expand Certificates (Local Computer), then expand Intermediate certification Authorities.
The Certificates folder must be displayed in the right pane. Right-click Certificates, then click all Tasks |
Import.
Create a certificate chain
You can copy the root and intermediate certificates to a single file and save it as a Privacy Enhanced
Mail (PEM) file.
This task is required only when you're using remote configuration and to use a chain of certificates for
server authentication.
Additional information
Set up the environment for Microsoft CA authentication
A
McAfee ePO Deep Command 2.1.0 Product Guide
151