Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Resolving certificate-related issues in OfficeScan/Apex One

    • Updated:
    • 18 Oct 2021
    • Product/Version:
    • Apex One
    • OfficeScan
    • Platform:

This article lists the certificates used in OfficeScan XG/Apex One.

For the product servers and client machines that do not have these certificates, the following issues may occur:

  • Clients remain in "Updating" state and fail to get their updates from the server
  • Server cannot verify the agents' digital signatures during Inter-Process Communication (IPC)
Certificate checking for program update was further enhanced in later product versions. Please refer to the following article for more details: Enhancement for digital signature checking in OfficeScan.

These issues occur when OfficeScan/Apex One is installed on a Windows machine without direct Internet connection for downloading certificate updates. These certificates are necessary on the endpoints, as well as the server itself.

To resolve this issue:

  1. Download the root and intermediate certificates from the following links:

    Certificates are free. If you encounter any issues, contact Trend Micro Technical Support.
  2. Install each certificate on the affected product server and problem endpoints.
  3. Open the certificate and click Install Certificate...
  4. Click Next when the Certificate Import Wizard appears.
  5. For Windows 2012, select Local Machine and click Next.
  6. Select "Place all certificates in the following store" and click Browse.
  7. Check Show physical stores > Trusted Root Certification Authorities > Local Computer and click OK.

    • For 2016 and above, just choose "Trusted Root Certification Authorities" and click OK.

      Trusted Root CA

    • For Domain users, refer to this external article.
  8. Click Finish. "The import was successful message" should appear.

The certificate-related issues should be resolved.

If manually adding the certificates and performing a Windows Update does not work, check for a Group Policy Object (GPO) that turns off Automatic Root Certificates Update:

  1. Go to Computer Configuration > Policies > Administrative Templates > System > Internet Communication Management > Internet Communication Settings > "Turn off Automatic Root Certificates Update".
  2. Make sure that the value is set to "Not configured" (default value).
Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.