Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 7270 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Disk Encryption Master Certificate Question

blardyblar

Hi,

As part of our Sophos Data Protection Suite we have Disk Encryption 5.61 installed.  We currently have SEC 5.1 installed and I've been tasked with a piece of work to upgrade this to v5.2.1 r2.

The problem I have is we have existing Disk Encryption in place.  I have inherited the server install and documentation as is and I don't have all the information for the Disk Encryption certificates.  I have the Master Officer and Company certificates, but the passwords for the p12 keys have been lost meaning I cannot import the certificates during the v5.2.1 upgrade.

I guess my main question is whether there is any way to export the certificates again from the SEC server, or maybe by using the Policy Editor, or Manage Certificates tools provided in the Safeguard installer?

If this isn't possible without the passwords, what options do I have to upgrade the console and how would this impact on existing machines with disk encryption?

Thanks for any help you can provide.

Gav

:46325


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    Just to follow up on this....support confirmed that there is currently no way to re-export the mso certificate, although this is being looked at for the future. 

    The only option is to decrypt any machines already encrypted and then build a new server and migrate and re-encrypt the machines on the new server.

    In the case of the upgrade I got lucky in that it detected the existing encryption and allowed the 5.2.1 upgrade to complete successfully, which buys us some time.

    In the long term, we will need to build a new server and migrate the clients over.

    Cheers

    :47429
Reply
  • 0

    Hi,

    Just to follow up on this....support confirmed that there is currently no way to re-export the mso certificate, although this is being looked at for the future. 

    The only option is to decrypt any machines already encrypted and then build a new server and migrate and re-encrypt the machines on the new server.

    In the case of the upgrade I got lucky in that it detected the existing encryption and allowed the 5.2.1 upgrade to complete successfully, which buys us some time.

    In the long term, we will need to build a new server and migrate the clients over.

    Cheers

    :47429
Children
No Data