Use Existing Agent Certificate for a New DCS Environment

book

Article ID: 224193

calendar_today

Updated On:

Products

Data Center Security Server Advanced

Issue/Introduction

You are setting up a new DCS installation environment but you want to use an existing Agent certificate from another environment

Cause

This is to attempt to make agent deployment easier and/or move existing agents to a new server but only need to change the DCS manager hostname

Environment

Data Center Security Server Advanced 6.9.x

Resolution

After completing a new installation of DCS (as outlined here: Installing Management Server along with Tomcat and database using production mode), perform the following steps:

1. Stop the following services:

Symantec Data Center Security Server Manager
Symantec UMC Credential Service
Symantec UMC Telemetry Service
 

2. Make a backup of the following files:

<install directory>\Symantec\Data Center Security Server\Server\agent-cert.ssl
<install directory>\Symantec\Data Center Security Server\Server\server-cert.ssl
<install directory>\Symantec\Data Center Security Server\Server\tomcat\conf\server.xml

 

3. Copy the following files from the existing DCS manager environment to the new DCS manager installation in the same location (rename the existing files or replace them if you made the necessary backups from Step 2):

<install directory>\Symantec\Data Center Security Server\Server\agent-cert.ssl
<install directory>\Symantec\Data Center Security Server\Server\server-cert.ssl

 

4. Open the following file with a text editor from the existing DCS manager environment:

<install directory>\Symantec\Data Center Security Server\Server\tomcat\conf\server.xml

Navigate to this section: 

<Service name="Bridge-Service">

Copy the certificateKeystorePassword text from the following line in that section:

<Certificate certificateKeystoreFile="C:\Program Files (x86)\Symantec\Data Center Security Server\Server\server-cert.ssl" certificateKeystorePassword="ABCdefGHiJkLMNOPQrsTuVWXYz0123456789101" certificateKeystoreType="PKCS12"/>

 

5. Open the following file with a text editor from the new DCS manager environment:

<install directory>\Symantec\Data Center Security Server\Server\tomcat\conf\server.xml

Replace the certificateKeystorePassword text you copied from Step 4 in the following 3 sections in the new DCS manager server.xml file:

<Service name="Bridge-Service">
<Service name="SSS-Agent-Service">
<Service name="Catalina>
 
Save the newly edited server.xml file

 

6. Start the following services:

Symantec UMC Credential Service
Symantec UMC Telemetry Service
Symantec Data Center Security Server Manager
 

7. Test the communication with a new DCS agent install and/or change the hostname to the new DCS manager on an existing DCS agent install (if pointing to the existing DCS manager referenced here)