search cancel

Replacing Communication Certificates on DLP Endpoint Agents.

book

Article ID: 202898

calendar_today

Updated On:

Products

Data Loss Prevention Enterprise Suite Data Loss Prevention Data Loss Prevention Endpoint Prevent Data Loss Prevention Endpoint Discover Data Loss Prevention Core Package

Issue/Introduction

How do I replace certificates on endpoint agents. 

Environment

Release :  All 

Component : Data Loss Prevention Endpoint Prevent/Discover

Cause


I need to replace the certificates used for endpoint communication due to one of the following:
Alerts:
2134: Certificate authority file is corrupt
2137: Server keystore is missing or corrupt
Updates:
I have updated the endpoint keystore password and generated a new certificate authority file. 

Resolution

In order for agents to receive updated certificates signed by the new certificate authority:

  1. A new agent package must be created by Enforce.
  2. The agent must be deployed using an uninstall/reinstall strategy. 

Note: DLP does not trigger an automatic reboot, however, MSI may require a reboot to complete the uninstall process.