Views:

Apex One provides a command line tool that allows you to create or renew the Edge Relay Server certificate that Security Agents use for communication. After creating a new certificate, the Edge Relay Server sends the new certificate to the Apex One server which then deploys the certificate to Security Agents the next time Security Agents connect to the Apex One server.

Important:

Off-premises Security Agents must connect to the Apex One server to obtain the new Edge Relay Server certificate. Any off-premises agents that do not receive the updated certificate can no longer communicate with the Edge Relay Server until connection with the Apex One server is established.

  1. On the Edge Relay Server, open a command line editor and go to the following directory:

    C:\Program Files\Trend Micro\Apex One Edge Relay\OfcEdgeSvc\

  2. Execute the certificate tool by running the following command:

    ofcedgecfg.exe --cmd renewcert --opacertpwd <OsceOPA certificate password> [--keeprootca]

    Where:

    • --renewcert: Creates the new certificate

    • --opacertpwd <password>: Specifies the password for the certificate package

    The Edge Relay Server creates the new certificate package and automatically sends the certificate to the Apex One server. The Apex One server deploys the new certificate to Security Agents the next time the Security Agents report to the Apex One server.

    The following table lists the certificates that Security Agents use to communicate with the Edge Relay Server. You can replace the default self-signed certificates with a trusted certificate that your organization uses.

    Note:

    The certificate issuer must be a trusted root CA.

    Table 1.

    Certificate

    Location

    Webhost certificate

    LOCAL_MACHINE\Web Hosting

    Client certificate

    LOCAL_MACHINE\OfcEdge