Can I use my own certificate for the collector instead of the self-signed certificate?

Article ID: 328
Category: Collector Service
Applies to: 3.2 and higher
Updated: 2022-11-23

Yes, however, if you change the certificate used for the Collector, your agents will refuse to connect to the Collector once the certificate has changed. This will require a manual configuration update (Push Configuration) for your agents so that they can reconnect.

You can substitute the self-signed certificate which is automatically generated by the collector by following the steps below. You will need to provide a password-protected PKCS#12 archive file with a .PFX extension.

  1. Download the Microsoft PSEXEC utility from the [Microsoft SysInternals Website] and copy the utility to the machine where the EventSentry Collector service is running.
  2. Generate a unix timestamp that is at least 1 day in the future. You can use the "Human date to timestamp" function on this website:
  3. Make sure the EventSentry console is closed and open the registry editor on the EventSentry server.
  4. In the registry editor on the EventSentry server, Select the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\\EventSentry\Collector
  5. On the right side of the registry editor, double-click the cert_change_allowed_until item and in the editing popup, select the "decimal" setting and then paste the unix timestamp from step 2, click OK.
  6. Close the registry editor, otherwise you'll have problems once you get to step 9. Open the Eventsentry console and either push the configuration to your agents or Save&Deploy or Save, whichever is your customary method of updating the agent configurations. Use the web reports menu to choose Settings > Collector Status and verify that your agents show the new configuration number.
  7. Stop the EventSentry Collector service.
  8. Rename your PFX file so that it's named es_collector_svc.pfx and copy this renamed PFX file into the %SYSTEMROOT%\System32\eventsentry\secure folder, replacing the existing es_collector_svc.pfx file in the folder.
  9. In an Administrator command prompt, run the following command: psexec /s /i /d regedit.exe
  10. If the command was succesful, regedit (registry editor) should appear. In regedit, select the HKEY_CURRENT_USER\Software\\eventsentry\collector key
  11. On the right side of regedit, double-click the ssl_certificate_password item and in the editing popup, replace the current text in the Value Data field with the password of your PFX file.
  12. Close regedit, and start the EventSentry Collector service.
  13. Review the application event log to spot any potential EventSentry Collector eventlog entries indicating a certificate error. You can always click the Reset Certificate button in the EventSentry console (in the settings under Home > Collector) to stop using your PFX file and to generate a new self-signed certificate and to replace your es_collector_svc.pfx file with a randomly generated one. If you click Reset Certificate you will not have to edit the registry or update the agent configurations again if the date that you chose in step 2 has not expired.