• State Suggested Answer
  • Locked Locked
  • Replies 16 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 14618 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Trying to install a cert for the Rapid Recovery Agent

brianf116
over 6 years ago

Has anyone had any success installing a certificate for the Rapid Recovery Agent?  When I put in the thumbprint and restart the recovery service, it replaces the thumbprint I entered.  I was following kb 117531.  Any help would be appreciated.  Thanks!

Parents
  • 0 over 6 years ago

    I installed an agent certificate a few times without facing any issues at all. In my case the customers had to use SHA-2 certificates while keeping AppAssure 5.4.3 agents.
    Basically I created a self signed certificate with an exportable key (won't work otherwise), copied it in the Certs Store on the Agent -- Trusted Root Certification Authority, enabled it specifically for all purposes and replaced the thumbprint in the Agent Registry. The idea is that when the agent starts up it checks the thumbprint in the Certificate store and if it finds it, it uses the certificate already there. Please note that you need to replace the Cert thumbprint for two reg key values (AppAssure/RapidRecovery can use two certificates if needed but you are fine with just one).
    The Agent protection needs to be repaired as the core has the old agent certs.
    If you are using an AppAssure 5.4.3 core, there is a patch that makes it understand SHA-2 certs.

    Just two caveats:
    1. If you create your own cert, it will be placed most likely in your Personal Certs Store branch. You need to export it (including the key) and re-import it in the Trusted Root Certs Store.

    2. If you install a Sha2 cert, the thumbprint is still sha1 -- this is normal as the thumbprint is used just in place of the cert name.

    Hope that this helps.

    Anyway, that is all that is to it. If you have some difficulties implementing the solution, please open a case with us.

Reply
  • 0 over 6 years ago

    I installed an agent certificate a few times without facing any issues at all. In my case the customers had to use SHA-2 certificates while keeping AppAssure 5.4.3 agents.
    Basically I created a self signed certificate with an exportable key (won't work otherwise), copied it in the Certs Store on the Agent -- Trusted Root Certification Authority, enabled it specifically for all purposes and replaced the thumbprint in the Agent Registry. The idea is that when the agent starts up it checks the thumbprint in the Certificate store and if it finds it, it uses the certificate already there. Please note that you need to replace the Cert thumbprint for two reg key values (AppAssure/RapidRecovery can use two certificates if needed but you are fine with just one).
    The Agent protection needs to be repaired as the core has the old agent certs.
    If you are using an AppAssure 5.4.3 core, there is a patch that makes it understand SHA-2 certs.

    Just two caveats:
    1. If you create your own cert, it will be placed most likely in your Personal Certs Store branch. You need to export it (including the key) and re-import it in the Trusted Root Certs Store.

    2. If you install a Sha2 cert, the thumbprint is still sha1 -- this is normal as the thumbprint is used just in place of the cert name.

    Hope that this helps.

    Anyway, that is all that is to it. If you have some difficulties implementing the solution, please open a case with us.

Children
No Data