Sophos Disk Encryption Master Certificate Question

Question

Hi,

As part of our Sophos Data Protection Suite we have Disk Encryption 5.61 installed. We currently have SEC 5.1 installed and I've been tasked with a piece of work to upgrade this to v5.2.1 r2.

The problem I have is we have existing Disk Encryption in place. I have inherited the server install and documentation as is and I don't have all the information for the Disk Encryption certificates. I have the Master Officer and Company certificates, but the passwords for the p12 keys have been lost meaning I cannot import the certificates during the v5.2.1 upgrade.

I guess my main question is whether there is any way to export the certificates again from the SEC server, or maybe by using the Policy Editor, or Manage Certificates tools provided in the Safeguard installer?

If this isn't possible without the passwords, what options do I have to upgrade the console and how would this impact on existing machines with disk encryption?

Thanks for any help you can provide.

Gav

This thread was automatically locked due to age.

blardyblar · Accepted Answer

Hi, Just to follow up on this....support confirmed that there is currently no way to re-export the mso certificate, although this is being looked at for the future.  The only option is to decrypt any machines already encrypted and then build a new server and migrate and re-encrypt the machines on the new server. In the case of the upgrade I got lucky in that it detected the existing encryption and allowed the 5.2.1 upgrade to complete successfully, which buys us some time. In the long term, we will need to build a new server and migrate the clients over. Cheers :47429