Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

"An internal error occurred..." message appears when exporting the Apex One certificate using CertificateManager.exe

    • Updated:
    • 17 Sep 2021
    • Product/Version:
    • Apex One
    • Platform:

When you try to export the Apex One certificate using the CertificatManager.exe tool, you receive the following error message:

An internal error occurred while configuring the server authentication settings. Send the debug log to Support for further information.

An internal error occurred

The Admin can find the corresponding log recorded in the System Event Logs of the Apex One server as well:

User "LogOnUserName" unsuccessfully attempted to export the server authentication certificate at Date Time.

During the Apex One Patch 3 Build 5358 installation, there is a message stating that Trend Micro recommends to manually back up the Apex One Authentication certificate before proceeding with the installation.

Trend Micro Installation Package

If the customer forgot to manually backup Apex One Server authentication certificate before applying Patch 3, they will encounter an error when using "CertificateManager.exe -b [Password] [Certificate path]" command.

One of the security enhancements introduced in Apex One Patch 3 is that the server certificate will be marked as non-exportable for security concern. During installation of Apex One Patch 3, there will be one-time change of the certificate to "non-exportable". Thus, the backup command "CertificateManager.exe -b [Password] [Certificate path]" may fail with the error message shown above.

Starting from Apex One On-Premise Patch 3, two new commands have been introduced for the CertificateManager.exe tool:

Import certificates with non-exportable enabled: -ine
Restore certificates with the exportable enabled: -re

You may follow the procedures below to resolve the issue in case you forgot to back up the Apex One server authentication certificate before applying the Patch 3:

  1. Go to Apex One server MMC > Certificates > OfficeScan NT Expired > Certificates > Export the OfficeScan Server NTSG certificate.
  2. Open a command prompt and run the following command to import the Apex One server authentication certificate to the certificate store with non-exportable enabled:

    C:\Program Files (x86)\Trend Micro\Apex One\PCCSRV\Admin\Utility\CertificateManager\CertificateManager.exe -ine [Password] [Certificate path]

  • The certificate under "OfficeScan NT Expired" is the one automatically backed up when Patch 3 is applied.
  • The certificate under "Officescan NT" is the one currently in-use.
  • If a user exports the certificate under "OfficeScan NT Expired", it's recommended to:
    1. Export Private Key > Select "Yes, export the private key".
    2. Export File Format > Select "Personal Information Exchange - PKCS # 12 (.PFX)" and "Include all certificates in the certification path if possible" (default exporting format).

For more information, you can check the Authentication Certificate Manager documentation.

If the issue still persists, please enable Debug level logging on the Apex One Server and replicate the issue.

Configure; Troubleshoot
Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.