Can I use my own certificate for the collector instead of the self-signed certificate?

Article ID: 328
Category: Collector Service
Applies to: 3.2 and higher
Updated: 2018-12-10

Yes. However, once you change the certificate used by the Collector, your agents will refuse to connect to it. Reconnecting them requires a manual configuration update (Push Configuration) for your agents.

You can replace the self-signed certificate that the collector generates automatically by following the steps below. You will need to provide a password-protected PKCS#12 archive file with a .PFX extension.

  1. Download the PSEXEC utility from the SysInternals suite and copy it to the machine where the EventSentry Collector service is running
  2. On the "Collector" dialog in the EventSentry management console, click the Reset Certificate button. Stop the EventSentry Collector service
  3. Push the configuration to all remote agents
  4. Rename the new .pfx file to es_collector_svc.pfx and copy it to the %SYSTEMROOT%\System32\eventsentry\secure directory, replacing the existing file there.
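  5. In an elevated command line, run the following command: psexec /s /i /d regedit.exe. Regedit should appear; the /s switch runs it under the Local System account, so HKEY_CURRENT_USER in the next step is that account's hive.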
  6. In regedit, navigate to the HKEY_CURRENT_USER\Software\\eventsentry\collector key
  7. Replace the content of the ssl_certificate_password value with the password of your PFX file.
  8. Start the EventSentry Collector service
  9. Review the application event log for entries indicating an error. You can always click the Reset Certificate button again to generate a new certificate; you will not have to push the configuration again.
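
Because a PFX that cannot be opened with the stored password leaves the agents disconnected, it is worth checking the archive before copying it in step 4. The following PowerShell is an added example, not part of EventSentry or of the original article; the function name Test-CollectorPfx, the 30-day threshold and the sample path are assumptions made for illustration.

```powershell
# Added example (not EventSentry code): sanity-check a PFX before installing it.
# Test-CollectorPfx, $MinDaysValid and the sample path below are hypothetical.
function Test-CollectorPfx {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $Path,
        [Parameter(Mandatory)] [securestring] $Password,
        [int] $MinDaysValid = 30
    )

    $full = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath

    try {
        # The constructor throws if the file is not PKCS#12 or the password is wrong.
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                    -ArgumentList $full, $Password
    }
    catch {
        return [pscustomobject]@{
            Ok       = $false
            Problems = @("Cannot open PFX: $($_.Exception.Message)")
        }
    }

    try {
        $now      = Get-Date
        $problems = @()
        # A server certificate without its private key cannot terminate TLS.
        if (-not $cert.HasPrivateKey)  { $problems += 'No private key in the archive' }
        if ($cert.NotBefore -gt $now)  { $problems += "Not valid until $($cert.NotBefore)" }
        if ($cert.NotAfter -lt $now.AddDays($MinDaysValid)) {
            $problems += "Expires $($cert.NotAfter)"
        }

        [pscustomobject]@{
            Ok         = ($problems.Count -eq 0)
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            Problems   = $problems
        }
    }
    finally { $cert.Reset() }   # release the loaded certificate and key handle
}

# Prompt for the password so it never lands in shell history.
$pw = Read-Host -AsSecureString 'PFX password'
Test-CollectorPfx -Path 'C:\temp\es_collector_svc.pfx' -Password $pw
```

Record the reported thumbprint before the swap so you can confirm afterwards that the certificate in place is the one you validated.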