As a workaround, do the following:
- Delete the existing OsceEdgeRoot certificate from the Trusted Root Certification Authorities store of the Local Computer account, either manually or by using CertTool from the Edge Relay Service program folder "C:\Program Files\Trend Micro\Apex One Edge Relay\OfcEdgeSvc":
    CertTool -d Root LocalMachine OsceEdgeRoot
- Recreate the OsceEdgeRoot certificate using the makecert utility as follows:
    makecert -n CN=OsceEdgeRoot -r -pe -a sha256 -len 2048 -ss Root -sr LocalMachine -cy authority
- Renew the website and OsceOPA certificates:
    ofcedgecfg.exe --cmd renewcert --opacertpwd <pwd> --keeprootca
  where <pwd> is a password of your choice for the exported OsceOPA certificate.
- Unregister and re-register the Edge Server to the Apex One server:
    ofcedgecfg.exe --cmd unreg --server <server_address> --port <server_port> --pwd <root_pwd>
    ofcedgecfg.exe --cmd reg --server <server_address> --port <server_port> --pwd <root_pwd>
  where <server_address> and <server_port> are the hostname or IP address and the web console port number of the Apex One server, and <root_pwd> is the root account's password.
- Apex One off-premise Agents should log on to the corporate network to download and update certificates from the Apex One server. After switching back to off-premise mode, they will remain online.
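
A read-only check that can be run after the makecert step and before the other certificates are renewed, added here as an example (it is not part of Trend Micro's procedure or tooling): it confirms that the LocalMachine Root store holds a single OsceEdgeRoot certificate matching the makecert options above. The variable names and the OK/FAIL output format are assumptions of this example.

```powershell
# Added example: read-only check of the OsceEdgeRoot certificate after the makecert step.
# Expected values are taken from the makecert command line in the steps above.
$subject      = 'CN=OsceEdgeRoot'            # -n CN=OsceEdgeRoot
$sha256RsaOid = '1.2.840.113549.1.1.11'      # OID of sha256RSA (-a sha256)
$expectedBits = 2048                         # -len 2048

# "-ss Root -sr LocalMachine" corresponds to Cert:\LocalMachine\Root
$found = @(Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -eq $subject })

if ($found.Count -eq 0) {
    Write-Warning "No $subject certificate in LocalMachine\Root."
    exit 1
}
# More than one match suggests the delete step was skipped or did not succeed.
$allOk = ($found.Count -eq 1)
if (-not $allOk) {
    Write-Warning "$($found.Count) certificates with subject $subject; an old copy may not have been deleted."
}

foreach ($cert in $found) {
    $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    $bits = if ($rsa) { $rsa.KeySize } else { 0 }   # 0 when the key is not RSA
    $now  = Get-Date
    $checks = [ordered]@{
        # Name comparison only: issuer name equals subject name, as -r produces.
        'Self-signed (-r)'              = ($cert.Subject -eq $cert.Issuer)
        'Signature is sha256RSA'        = ($cert.SignatureAlgorithm.Value -eq $sha256RsaOid)
        "RSA key is $expectedBits bits" = ($bits -eq $expectedBits)
        'Inside validity period'        = ($cert.NotBefore -le $now -and $cert.NotAfter -gt $now)
    }
    Write-Output "Thumbprint $($cert.Thumbprint), valid until $($cert.NotAfter.ToString('yyyy-MM-dd'))"
    foreach ($check in $checks.GetEnumerator()) {
        $status = if ($check.Value) { 'OK  ' } else { 'FAIL' }
        Write-Output "  [$status] $($check.Key)"
        if (-not $check.Value) { $allOk = $false }
    }
}
# Non-zero exit code when any check failed or a duplicate was found.
if (-not $allOk) { exit 1 }
```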