To change the TMEAC Web Console's SSL Certificate:
- Log in to the TMEAC Server and download the zipped ChangeServerCert batch file.
- Extract the ChangeServerCert batch file into a temporary folder.
-
Copy the custom/third-party certificate files onto the same folder as the batch file.
Click image to enlarge
Custom/third-party certificate files
- custom-server.crt - The PEM or DER encoded certificate file ("Let's Encrypt" calls it "cert.pem").
- custom-server.key - The PEM or DER encoded private key corresponding to the certificate ("Let's Encrypt" calls it "key.pem").
- custom-server-ca-chain.crt - The PEM or DER encoded chain of certificates of the CA that signed the certificate file ("Let's Encrypt" calls it "chain.pem").
If the files are not named like mentioned above or the install path of the TMEAC is different from the default path, edit the batch script accordingly:
Click image to enlarge
- Open the command prompt with elevated privilege and change the current folder to where the batch script and certificate files are saved.
-
Run the ChangeServerCert.bat file.
Click image to enlarge
The batch script writes a "PKCS12" file containing the contents of all 3 files and the certificate to use for SSL with the alias name "WebServerCert".
The updated file is placed into "C:\Program Files (x86)\Trend Micro\Endpoint Application Control\SSLCerts\WebServerCert\WebServer_Cert.p12" and the existing file is saved beforehand (as *.backup file).
Should anything go wrong, stop the AC Server service and restore the "backup" file by removing the ".backup" suffix.
-
Verify the SSL Certificate of the WebUI.
Click image to enlarge