This tool supports the import of the following certificates:
- Webhost Certificate - Used for Apex One web console to encrypt the connection.
- OSF web-certificate - OfficeScan Service Framework Certificate is a self-signed certificate used for server side service program mutual authentication and security communication purposes. Unless there is a strong reason (e.g. self-signed certificates are not allowed/blocked in corporate network), it should not be replaced.
- NTSG certificate - Apex One agents uses public-key cryptography to authenticate communications that the Apex One server initiates on agents. With public-key cryptography, the server keeps a private key and deploys a public key to all agents. The public and private keys are associated with an Apex One installer-generated certificate.
- Agent HTTPS listening certificate - Security Agent TMListen process provides a function that works as an HTTP server to receive the message from the server.
When the TMListen process works in HTTPS protocol, it uses ofcsslagent as its certificate.
How to execute Apex One certificate tool:
- This tool will check if the certificate is expired or not. If the imported certificate has already expired, import process will not proceed.
- This tool will check the subject name of the certificate. Name is "Case Sensitive".
- Download and extract CertImportTool_B11034.zip on the Apex One Server.
- Launch OfcCertImport.exe
- Click the “Select file…” button of the certificate you want to import, you could select more than one cert. files and import them at the same time.
- Provide the password of the private key.
- Click Import Certificates and then click the Start Import button of the dialog.
- Apex One services will be restarted to replace the new certificate file(s).
- It will show the result of cert file importing.
This tool provides an alternative and simplified solution for the following KB:
- Web host certificate issues detected by the Troubleshooting Assistant for Server tool (Webhost certifcate import)
- Policy deployment issue due to Web Host Certificate mismatch (Webhost certifcate import)
- Configuring Apex One to use a certificate signed by corporate Certificate Authority (OSF Web-certificate import)
- Policy deployment status stuck on "Pending: Managed server deploying" on Apex Central (OSF Web-certificate import)
- Renewing/Regenerating the Apex Server NTSG and ofcsslagent certificates for Apex One (Apex One server NTSG certificate import and Agent HTTPS listening certificate import)
- Ofcsslagent certificate issue detected by the Troubleshooting Assistant for Server tool (Agent HTTPS listening certificate import)