GreenEnvy22 6 Posted September 11, 2015 Posted September 11, 2015 Hi all, Some of our users were accidentally given an incorrect installer which had an invalid certificate attached. I know I could have them uninstall and reinstall the agent using the correct one, but some of them are in 3rd world countries and the 60+ MB download is a pain for them. I was hoping there was a commandline method or some other method on their computers they could tell the agent to use a different certificate. Is this possible?
Administrators Marcos 5,462 Posted September 11, 2015 Administrators Posted September 11, 2015 It's not possible for security reasons and reinstallation of the agent will be needed. The agent installer is stored in c:\windows\installer folder, it should be one of the recently created msi files. During reinstallation you will be prompted for certificates. Alternatively you can use an Agent Live installer - create a new one so that it contains current certificates and edit the path to the Agent installer so that it points to a local share with the Agent msi installer.
GreenEnvy22 6 Posted September 11, 2015 Author Posted September 11, 2015 OK thanks. Is there any way to get the server to accept that alternate certificate as well? Like if I import it into trusted root on the server? Or will I also have to switch the server certificate in server settings (which would then block all the other users?)
Former ESET Employees Timos 8 Posted September 16, 2015 Former ESET Employees Posted September 16, 2015 Importing CA that signed Agent certificates into the Trusted Root Certificates on server machine should work. Server will accept these certificates. (It must be in Computer account, not My User nor Service account) BUT, agents will still reject server certificate unless they have CA that signed Server certificate. If they get this CA in installation, they should accept Server certificate.
Recommended Posts