How to verify the MOVE SVA-manager certs and thumbprint information
Articoli tecnici ID:
KB94657
Ultima modifica: 7/8/2021
Ambiente
McAfee Management for Optimized Virtual Environments (MOVE)
McAfee Security Virtual Appliance (SVA)
McAfee MOVE AntiVirus Multi-Platform (MOVE AV Multi-Platform) 4.x
Riepilogo
The MOVE Multi-Platform [SVA-manager] runs on Ubuntu platform, and automatically assigns offload scan servers to MOVE Multi-Platform clients based on configurable parameters. The MOVE OSS servers connect to SVA-manager to update the OSS details via the default port 8443.
The MOVE extensions and SVA-manager contacts ePO and adds the MOVE certificate to the ePO database from where it can be fetched. The ePO downloads the keystore.jks file, which contains the MOVE SVA-manager certificate.
You can verify the certificate of MOVE [SVA-manager] in the following ways:
Running an SQL script
Examining the SvaManagerPolicy.xml file
SQL Script
To verify MOVE [SVA-manager] certificate through ePO DB via SQL script:
Log on to SQL Server Management Studio.
Right-click the ePO database and select New Query.
Copy and paste the SQL script provided below into the SQL query window as shown in the image.
Select * from EPOPolicySettingValuesMT where SettingName in ('brokercert36', 'brokerprivatekey36', 'cacert36', 'brokercert', 'brokerprivatekey', 'cacert')
SvaManagerPolicy.xml
The SvaManagerPolicy.xml file contains the certificate information and is located in /opt/McAfee/movesvamanager/etc/.
To show the fingerprint information, enter keystore password: Just click Enter.
Keystore explorer
You can verify the certificate and Fingerprint information through keystore.jks file from open-source tool keystore explorer: https://keystore-explorer.org
Download the tool and install with default options.
Open the tool and click Open an Existing Keystore and browse the keystore.jksfile.
Enter the password: Just click Enter and double-click "Entry name" = '0'.
The certificate details with "FingerPrint" information is displayed.
To verify the certificate details, click the Export option.
Retain the default settings as the X.509 as Export format.
To save the file, click Browse and update the location and file name with file extension .cer.
Example:MOVEcert.cer
To view the certificate information, right-click the MoveCert.cer file and select the source as "notepad".
