Agents report having partial chain certificates in System Center Configuration Manager (SCCM) and other events aggregating software. The problem stems from a partial chain due to missing certificate placements in the Trusted Root CA.
To resolve the issue:
- Open an MMC console and load the Certificate Manager Snap-In.
- Load the Certificate Snap-in to the console using Computer Account and Local account.
- Browse C:\Program Files (x86)\Trend Micro\OfficeScan Client and copy OfcNTCer.dat to a temporary location.
- Rename OfcNTCer.dat to OfcNTCer.cer and open it to verify that the issuer is OfficeScan NTSG.
- Import the OfcNTCer.cer into the Trusted Root Certificate Authorities in the MMC Console.
- Verify after import that the OfficeScan NTSG certificate is in the Trusted Root Certificate Authorities folder.
- In the MMC, go to Personal > Certificate Foldersand double-click the ofcsslagent certificate to verify that the chain is now complete.
The OfcNTcer.cer is common to all agents and a scripted import to the Trusted Root CA on the SSL agents will correct the chain.