Jump to content

Recommended Posts

Posted

Hi all,

Some of our users were accidentally given an incorrect installer which had an invalid certificate attached. 

 

I know I could have them uninstall and reinstall the agent using the correct one, but some of them are in 3rd world countries and the 60+ MB download is a pain for them.

I was hoping there was a commandline method or some other method on their computers they could tell the agent to use a different certificate.

 

Is this possible?

  • Administrators
Posted

It's not possible for security reasons and reinstallation of the agent will be needed. The agent installer is stored in c:\windows\installer folder, it should be one of the recently created msi files. During reinstallation you will be prompted for certificates. Alternatively you can use an Agent Live installer - create a new one so that it contains current certificates and edit the path to the Agent installer so that it points to a local share with the Agent msi installer.

Posted

OK thanks.

Is there any way to get the server to accept that alternate certificate as well? Like if I import it into trusted root on the server?

Or will I also have to switch the server certificate in server settings (which would then block all the other users?)

  • Former ESET Employees
Posted

Importing CA that signed Agent certificates into the Trusted Root Certificates on server machine should work. Server will accept these certificates. (It must be in Computer account, not My User nor Service account)

BUT, agents will still reject server certificate unless they have CA that signed Server certificate. If they get this CA in installation, they should accept Server certificate.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...