Trend Micro Apex One provides a command line tool that allows you to create or renew the Edge Relay Server certificate that Security Agents use for communication. After creating a new certificate, the Edge Relay Server sends the new certificate to the Trend Micro Apex One server which then deploys the certificate to Security Agents the next time Security Agents connect to the Trend Micro Apex One server.
Important
Off-premises Security Agents must connect to the Trend Micro Apex One server to obtain the new Edge Relay Server certificate. Any off-premises agents that do not receive the updated certificate can no longer communicate with the Edge Relay Server until connection with the Trend Micro Apex One server is established.

Procedure

  1. On the Edge Relay Server, open a command line editor and go to the following directory:
    C:\Program Files\Trend Micro\Apex One Edge Relay\OfcEdgeSvc\
  2. Execute the certificate tool by running the following command:
    ofcedgecfg.exe --cmd renewcert --opacertpwd <OsceOPA certificate password> [--keeprootca]
    Where:
    • --cmd renewcert: Creates the new certificate
    • --opacertpwd <password>: Specifies the password for the certificate package
    The Edge Relay Server creates the new certificate package and automatically sends the certificate to the Trend Micro Apex One server. The Trend Micro Apex One server deploys the new certificate to Security Agents the next time the Security Agents report to the Trend Micro Apex One server.
    The following table lists the certificates that Security Agents use to communicate with the Edge Relay Server. You can replace the default self-signed certificates with a trusted certificate that your organization uses.
    Note
    The certificate issuer must be a trusted root CA.

    Certificate            Location
    Webhost certificate    LOCAL_MACHINE\Web Hosting
    Client certificate     LOCAL_MACHINE\OfcEdge
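
To confirm the result of a renewal or replacement, the following read-only PowerShell check lists the certificates in the two stores from the table with their expiry and whether they chain to a trusted root CA. It is an added example, not Trend Micro code; the store system names (WebHosting for "Web Hosting", OfcEdge as printed in the table) and the 30-day warning threshold are assumptions.

```powershell
# Added example (not vendor code). Run in an elevated PowerShell session on the Edge Relay Server.
# Assumption: the stores in the table map to these system names under Cert:\LocalMachine.
$Stores   = 'WebHosting', 'OfcEdge'
$WarnDays = 30   # constructed threshold for "expiring soon"

function Test-EdgeRelayCert {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [Parameter(Mandatory)][string]$Store,
        [int]$WarnDays = 30
    )
    # Build the chain locally; revocation is skipped so the check also works offline.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted  = $chain.Build($Cert)
    $status   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
    $daysLeft = [math]::Floor(($Cert.NotAfter - (Get-Date)).TotalDays)

    [pscustomobject]@{
        Store               = $Store
        Subject             = $Cert.Subject
        Issuer              = $Cert.Issuer
        Thumbprint          = $Cert.Thumbprint
        NotAfter            = $Cert.NotAfter
        DaysLeft            = $daysLeft
        ExpiringSoon        = ($daysLeft -lt $WarnDays)
        SelfSigned          = ($Cert.Subject -eq $Cert.Issuer)
        ChainsToTrustedRoot = $trusted
        ChainStatus         = $status   # empty when the chain builds cleanly
    }
}

$report = foreach ($store in $Stores) {
    $path = "Cert:\LocalMachine\$store"
    if (-not (Test-Path $path)) {
        Write-Warning "Certificate store not found: $path"
        continue
    }
    Get-ChildItem -Path $path | ForEach-Object {
        Test-EdgeRelayCert -Cert $_ -Store $store -WarnDays $WarnDays
    }
}

$report | Sort-Object Store, NotAfter | Format-Table -AutoSize -Wrap
```

A replacement certificate that satisfies the note above shows ChainsToTrustedRoot as True; comparing Thumbprint values before and after running the tool confirms that a new certificate was actually installed.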