HOWTO: Using externally generated certificates for Marshal Interface Agent


This article applies to:

  • MailMarshal SPE 3.6 and above

Question:

  • How do I use my own certificate for the Marshal Interface Agent connection to Marshal Agents?
  • Using a certificate from a Certificate Authority for MIA

Procedure:

  1. Stop the MIA service and all Marshal Agent services that connect to it
  2. Delete the binding of the existing certificate with the MIA port
    1. Run netsh (Make sure that you have administrator privileges, for instance by using runas or starting netsh from an elevated command prompt).
    2. At the netsh> prompt, change to the http context by entering http
    3. (Optional) At the netsh http> prompt, you can verify that the MIA port is bound by entering
      show sslcert
    4. Remove the MIA port binding by entering
       delete sslcert ip=0.0.0.0:19200
       
      The utility should confirm that the delete was successful.
  3. Manage certificates:
    1. Run MMC from Start>Run
    2. Add the Certificate snap-in for the local computer account
    3. Navigate to Certificates (Local Computer)\Personal\Certificates
  4. (Optional) Delete the default MIA certificate from the certificate store.
    • Note: You may wish to leave this certificate in the store as a backup. The certificate cannot be fully exported for backup, because the private key cannot be exported.
    1. Locate a certificate that is issued to computer_name by computer_name (where computer_name is the name of the server) and the Subject contains the following properties:
      • OU = Marshal Dev
      • O = Trustwave
      • CN = computer_name
    2. Remove that certificate.
  5. Insert your own certificate into the computer account certificate store, under the Personal store. The certificate can be a standard web server certificate ordered from a Certificate Authority. If you are creating your own certificate, it must meet the following criteria:
    • Certificate needs to contain a private key
    • Certificate subject: CN attribute must be the resolvable name of the computer where MIA is installed (DNS name or computer name). This is the server name you will enter when connecting.
    • Key usage: Digital Signature, Key Encipherment, Data Encipherment
    • Intended purpose: Server Authentication
  6. Copy the certificate hash (Thumbprint), formatted without spaces between the values,
     for example: 035c49f034ee505b8d1cad1f3485fb642b470607
  7. Add the binding for the MIA port
    1. Run netsh as administrator
    2. At the netsh> prompt, change to the http context by entering http
    3. At the netsh http> prompt, enter the following command, replacing <hash from step 6> with the thumbprint you copied:
       add sslcert ip=0.0.0.0:19200 certhash=<hash from step 6> appid={f0bd00f1-a9f0-4466-bd36-ee495fa9cc25}
      • For example:
        add sslcert ip=0.0.0.0:19200 certhash=035c49f034ee505b8d1cad1f3485fb642b470607 appid={f0bd00f1-a9f0-4466-bd36-ee495fa9cc25}
  8. Verify that the binding exists (at the netsh http> prompt, enter show sslcert)
  9. Start the MIA service
  10. Re-register all of the Marshal Agents using the Marshal Client Settings application (found on the Start Menu of each server).
    • In the URL field, be sure to specify the CN used in the new certificate.
  11. Start Marshal Agent services.
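
Steps 2 and 5 through 8 as a PowerShell script, added here as an example and not Trustwave's own code: it checks a certificate already imported into the local computer's Personal store against the step 5 criteria before rebinding port 19200, so a certificate without a private key or with the wrong CN is caught before the agents fail to connect. The `$MiaHostName` parameter and its default are assumptions; the port and appid are the values given in this article.

```powershell
# Added example. Run elevated, with the MIA service and all Marshal Agent
# services already stopped (step 1).
using namespace System.Security.Cryptography.X509Certificates
param(
    [Parameter(Mandatory)] [string] $Thumbprint,  # as copied from the certificate's Thumbprint field
    [string] $MiaHostName = $env:COMPUTERNAME     # assumption: the name agents use to reach MIA
)
$ErrorActionPreference = 'Stop'

# Step 6: keep only hex digits (drops spaces and invisible characters copied from the MMC dialog).
$hash = ($Thumbprint -replace '[^0-9a-fA-F]', '').ToLower()
if ($hash.Length -ne 40) { throw "Expected 40 hex digits in the thumbprint, got $($hash.Length)." }

$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $hash }
if (-not $cert) { throw "No certificate with thumbprint $hash in LocalMachine\My." }

# Step 5 criteria: private key, subject CN, intended purpose.
$problems = @()
if (-not $cert.HasPrivateKey) { $problems += 'no private key' }

$cn = $cert.GetNameInfo([X509NameType]::SimpleName, $false)
if ($cn -ne $MiaHostName) { $problems += "subject CN '$cn' is not '$MiaHostName'" }

$eku = $cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
if (-not $eku -or '1.3.6.1.5.5.7.3.1' -notin $eku.EnhancedKeyUsages.Value) {
    $problems += 'intended purposes do not include Server Authentication'
}
if ($problems) { throw "Certificate $hash rejected: $($problems -join '; ')" }

# Key usage is listed for certificates you create yourself, so a gap is
# reported as a warning (a choice made in this example) rather than a stop.
$need = [X509KeyUsageFlags]'DigitalSignature, KeyEncipherment, DataEncipherment'
$ku = $cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
if (-not $ku -or -not $ku.KeyUsages.HasFlag($need)) { Write-Warning "Key usage lacks one of: $need" }

# Steps 2, 7 and 8. ipport= is netsh's full name for the parameter written ip= above.
# The appid argument is quoted so PowerShell does not parse the braces as a script block.
netsh http delete sslcert ipport=0.0.0.0:19200
netsh http add sslcert ipport=0.0.0.0:19200 certhash=$hash 'appid={f0bd00f1-a9f0-4466-bd36-ee495fa9cc25}'
if ($LASTEXITCODE -ne 0) { throw 'netsh add sslcert failed; the MIA port has no certificate bound.' }
netsh http show sslcert ipport=0.0.0.0:19200
```

Starting the MIA service, re-registering the agents and starting the agent services (steps 9 to 11) remain manual.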
