Summary
Details
To replace the Mobile Security console certificate:
A Local Communication Server (LCS) installation is required because it provides the tools for generating a new certificate (OpenSSL). You do not need to use the LCS itself, but its files are necessary for certificate creation.
- Prepare a 2048-bit public key by using a third-party key, or by generating a new public key from the Local Communication Server as shown below.
  - Go to <installation path>\Trend Micro\Communication Server\.
  - Copy the following files to a new folder outside the Local Communication Server (e.g. Desktop):
    - gencert.bat
    - libeay32.dll
    - openssl.exe
    - openssl_gencert.cnf
    - ssleay32.dll
  - Open the gencert.bat file in a text editor.
  - Under the "generate private key and CSR" section, change "openssl genrsa -out mdm-server-key-78ac9037.pem 1024" to "openssl genrsa -out mdm-server-key-78ac9037.pem 2048".
  - Open cmd.exe and run the following command:
    gencert.bat <openssl path> <common name> <password>
    For example, execute "gencert.bat .\ MDMCert-2048 Pa$$w0rd!" and the new communication-server-cert.p12 file will be created.
- On your Mobile Security server, install the certificate.
  - Open mmc.exe.
  - Go to File > Add/Remove Snap-in.
  - Select Certificates from the left panel and add it to the right.
  - Select Computer account > Local Computer.
  - Navigate to Certificates > Personal > Certificate > All Tasks > Import.
  - Import the created communication-server-cert.p12 file.
- On your Mobile Security server, configure IIS to use the certificate.
  - Open the Internet Information Services (IIS) Manager.
  - Select MDM Web Site from the left panel.
  - Under Actions > Edit Site, click Bindings... from the right panel.
  - Select the https entry and click Edit...
  - Under SSL certificate, select your imported certificate. The certificate name will be the common name assigned during certificate creation. For a self-signed certificate, you may encounter a warning message regarding intermediate certificates; just click OK.
  - Under Manage Website, click Restart.
- On your Mobile Security server, restart the master service.
  - Open services.msc.
  - Restart the Mobile Security Management Module Service.
- Close your browser and then access your MDM web console again.
The certificate public key should now be changed to 2048-bit RSA.
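
One way to confirm this from PowerShell on the Mobile Security server, as an added example that is not part of the original article or of Trend Micro's tooling. It checks both the certificate imported into the Local Computer store and the certificate the https binding actually serves. The common name, host name and port below are assumptions and must be changed to match your setup.

```powershell
# Added verification example (not Trend Micro code). Assumed values: adjust to your environment.
$CommonName = 'MDMCert-2048'   # common name passed to gencert.bat
$ServerName = 'localhost'      # assumption: script runs on the Mobile Security server
$Port       = 443              # assumption: port of the https binding on MDM Web Site
$MinBits    = 2048

function Get-RsaKeyBits {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # GetRSAPublicKey returns $null when the certificate does not carry an RSA key.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Cert)
    if ($null -eq $rsa) { return 0 }
    return $rsa.KeySize
}

# 1. Certificates in Local Computer > Personal that carry the chosen common name.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$CommonName*" } |
    ForEach-Object {
        [pscustomobject]@{
            Source     = 'LocalMachine\My'
            Thumbprint = $_.Thumbprint
            KeyBits    = Get-RsaKeyBits $_
            NotAfter   = $_.NotAfter
        }
    }

# 2. Certificate actually served by the https binding after the IIS restart.
$client = New-Object System.Net.Sockets.TcpClient($ServerName, $Port)
try {
    # The callback accepts any certificate so that a self-signed one can be inspected.
    # The connection is used only to read the certificate; no data is sent over it.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($ServerName)
    $served = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $bits = Get-RsaKeyBits $served
    "Served certificate: $($served.Subject), ${bits}-bit RSA, thumbprint $($served.Thumbprint)"
    if ($bits -lt $MinBits) {
        Write-Warning "Served key is below $MinBits bits; the old certificate may still be bound."
    }
} finally {
    if ($ssl) { $ssl.Dispose() }
    $client.Close()
}
```

If the thumbprint reported in step 2 does not match the 2048-bit entry from step 1, the https binding is still pointing at the previous certificate.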