The OfficeScan server maintains expired certificates for agents with expired public keys. For example, agents that have not connected to the server for an extended period of time have expired public keys. When agents reconnect, they associate the expired public key with the expired certificate, allowing them to recognize server-initiated communications. The server then deploys the latest public key to the agents.
When configuring certificates, note the following:
- For the certificate path, mapped drives and UNC paths are accepted.
- Choose a strong password and then record it for future reference.

When using the Authentication Certificate Manager tool, note the following requirements:
- The user must have administrator privileges.
- The tool can only manage certificates located on the local endpoint.

| Command | Example | Description |
|---|---|---|
| CertificateManager.exe -c [Backup_Password] | CertificateManager.exe -c strongpassword | Generates a new Trend Micro certificate and replaces the existing certificate. Do this if the existing certificate has expired or if it has been leaked to unauthorized parties. |
| CertificateManager.exe -b [Password] [Certificate path] Note: The certificate is in ZIP format. | CertificateManager.exe -b strongpassword D:\Test\TrendMicro.zip | Backs up all Trend Micro certificates issued by the current OfficeScan server. Do this to back up the certificate on the OfficeScan server. Note: Backing up the OfficeScan server certificates allows you to use these certificates if you need to reinstall the OfficeScan server. |
| CertificateManager.exe -r [Password] [Certificate path] Note: The certificate is in ZIP format. | CertificateManager.exe -r strongpassword D:\Test\TrendMicro.zip | Restores all Trend Micro certificates on the server. Do this to restore the certificate on a reinstalled OfficeScan server. |
| CertificateManager.exe -e [Certificate path] | CertificateManager.exe -e <Agent_installation_folder>\OfcNTCer.dat | Exports the OfficeScan agent public key associated with the currently used certificate. Do this if the public key used by agents becomes corrupted. Copy the .dat file to the agent's root folder, overwriting the existing file. Important: The file path of the certificate on the OfficeScan agent must be: <Agent_installation_folder>\OfcNTCer.dat |
| CertificateManager.exe -i [Password] [Certificate path] Note: The default file name of the certificate is: OfcNTCer.pfx | CertificateManager.exe -i strongpassword D:\Test\OfcNTCer.pfx | Imports a Trend Micro certificate to the certificate store. |
| CertificateManager.exe -l [CSV Path] | CertificateManager.exe -l D:\Test\MismatchedAgentList.csv | Lists agents (in CSV format) currently using a mismatched certificate. |
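
The following PowerShell wrapper for the `-b` backup command is an added example, not Trend Micro's own code. It checks the administrator requirement, prompts for the password instead of storing it in a script, and restricts access to the resulting ZIP. The tool location in `$ToolPath`, the timestamped file name, and the choice of ACL are assumptions, as is the expectation that the tool has written the ZIP by the time it returns.

```powershell
# Added example: hardened wrapper around "CertificateManager.exe -b".
# $ToolPath is a placeholder (assumption); point it at the tool on your OfficeScan server.
param(
    [string]$ToolPath  = 'C:\Path\To\CertificateManager.exe',  # placeholder path
    [string]$BackupDir = 'D:\Test'
)

# Requirement from the page: the user must have administrator privileges.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (administrator) session.'
}
if (-not (Test-Path -LiteralPath $ToolPath -PathType Leaf)) {
    throw "CertificateManager.exe not found at $ToolPath"
}

# Prompt for the password so it is not saved in a script file or shell history.
# It is still passed as a command-line argument, so process command-line auditing can record it.
$secure = Read-Host -Prompt 'Backup password' -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$zip    = Join-Path $BackupDir ('TrendMicro-{0:yyyyMMdd-HHmmss}.zip' -f (Get-Date))
try {
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    & $ToolPath -b $plain $zip | Out-Host   # piping makes PowerShell wait for the tool to exit
} finally {
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    $plain = $null
}

if (-not (Test-Path -LiteralPath $zip -PathType Leaf) -or (Get-Item -LiteralPath $zip).Length -eq 0) {
    throw "Backup file was not created: $zip"
}

# Drop inherited permissions and allow only Administrators and SYSTEM to access the backup.
$acl = Get-Acl -LiteralPath $zip
$acl.SetAccessRuleProtection($true, $false)
foreach ($sid in 'S-1-5-32-544', 'S-1-5-18') {
    $id   = New-Object Security.Principal.SecurityIdentifier($sid)
    $rule = New-Object Security.AccessControl.FileSystemAccessRule($id, 'FullControl', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $zip -AclObject $acl

# Record the hash so a later restore (-r) can confirm the file is unchanged.
Get-FileHash -LiteralPath $zip -Algorithm SHA256 | Format-List Path, Hash
```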