Microsoft Azure requires additional credentials for the Agent to upload information the to SecureCloud device management.
In SecureCloud versions prior to 3.6, the credentials cannot be modified after the Agent has been registered to SecureCloud server.
This article discusses how you can update you Microsoft Azure credentials.
To update your Microsoft Azure credentials:
- Log in to your Azure account and download the .publishsettings file.
The .publishsettings file is an .XML file.
- Open the .publishsettings file using a browser or text editor and look for the ManagementCertificate="XXXX" part where XXXX is the base64 encoded string.
- Copy the base64 encoded string to a text file.
Example: azurecert.txt
- Decode the file using certutil (Windows) or base64 (Linux).
Windows:
- Open a command prompt and go to the location of the text file you created in Step 3.
- Using the certutil command, decode the text file to create a .PFX file.
certutil -decode <input file> <output file>
Example: certutil -decode azurecert.txt azurecert.pfx
Linux:
- Go to the directory of the text file you created in Step 3.
- Use the base64 command to decode the text file into a .PFX file:
base64 -d inputfile > outputfile
Example: base64 -d azurecert.txt > azurecert.pfx
- Using openssl, extract the pem certificate from the pfx file.
Linux:
- For your convenience, create a /certs/ directory and move the .PFX file.
- Run the following command:
# openssl pkcs12 -in /certs/azurecert.pfx -out /certs/azurecert.pem –nodes
Windows:
- Download and install openssl.
- Create a C:\certs\ folder and move the .PFX file.
- Open a command prompt and go to the OpenSSL\bin folder.
cd %homedrive%\OpenSSL\bin
- Use the openssl command to extract the pem certificate:
openssl pkcs12 -in c:\certs\azurecert.pfx -out c:\certs\azurecert.pem –nodes
Linux
Using scconfig
- Go to the SecureCloud installation directory:
# cd /var/lib/securecloud/
- Run the scconfig.sh tool:
# ./scconfig.sh --update_credentials
- Provide the following information:
- Azure Subscription ID
- Management certificate file path (Example: /certs/azurecert.pem)
- Management certificate password (optional)
Using scprov
- Go to the SecureCloud installation directory:
# cd /var/lib/securecloud/
- Create an agentconfig.ini file:
# vim agentconfig.ini
- Add the following in the file:
[Microsoft-Azure]
SUBSCRIPTION_ID=ID NUMBER
CERTIFICATE_PATH=/certs/azurecert.pem
CERTIFICATE_PASSWORD= - Execute the scprov script:
# ./scprov.sh reconf --agentconfig=agentconfig.ini
Windows
Using scconfig
- Go to SecureCloud installation directory:
cd C:\Program Files (x86)\Trend Micro\SecureCloud\Agent\
- Run the scconfig.exe tool:
scconfig.exe --update_credentials
- Provide the required information:
- Azure Subscription ID
- Management certificate file path (Example: C:\certs\azurecert.pem)
- Management certificate password (optional)
Using scprov
- Create an agentconfig.ini file in the SecureCloud installation folder using Notepad or any text editor.
The installation folder is usually C:\Program Files (x86)\Trend Micro\SecureCloud\Agent\.
- Add the following in the agentconfig.ini file:
[Microsoft-Azure]
SUBSCRIPTION_ID=ID NUMBER
CERTIFICATE_PATH=/certs/azurecert.pem
CERTIFICATE_PASSWORD= - Run the following commands to execute the scprov script:
cd C:\Program Files (x86)\Trend Micro\SecureCloud\Agent\
scprov.exe reconf --agentconfig=agentconfig.ini