When you replace the SSL certificate of OfficeScan website via IIS Manager and then you reboot the server or restart the OfficeScan services, the SSL certificate reverts back to the original.
This is a normal behavior of OfficeScan. By default, OfficeScan and its integrated Smart Protection Server (SPS) use the same port for HTTPS. For IIS Default web site users, the port is 443. For IIS Virtual web site users, the port is 4343.
When the integrated SPS service is restarted, it checks the value of "HTTPS" and "HTTPS_CERT" in PCCSRV\WSS\Service.ini to import the certificate. For example, HTTPS=4343 and HTTPS_CERT=Server2012.
To ensure that the certificate will not be reverted:
Add a friendly name to your certificate in Windows Certificate StoreWhen naming the friendly name, make sure the friendly name is not the same as the original name of the certificate.
- Patch to OfficeScan XG B5417 or later or Apex One
- Stop the following services:
- OfficeScan Master Service
- OfficeScan Active Directory Integration Service
- Trend Micro Smart Protection Server
- Open the <Server installation folder>\PCCSRV\WSS\Service.ini file.
- Replace the value of "HTTPS_CERT" with the correct name. For the following example, the value is modified to "OfficeScan Server NTSG".
Add the following new setting and set it to the certificate friendly name.
HTTPS_CERT_FRIENDLY_NAME=(certificate friendly name)
- Save the changes in the file.
- Open <Server installation folder>\PCCSRV\SRS\apricot_config.
- Replace the value of "cert_cn". For the example below, the value is modified to "OfficeScan Server NTSG".
Locate the <cert_cn></cert_cn> options tag. Under it add the following tag and specify the friendly name inside.
Save the changes in the file.
- Restart the aforementioned services in Step 1.