SSL certificates Browsers supported by McAfee ePO warn about a server’s SSL certificate if the browser cannot verify whether a TrustedSource signed the certificate. Creating a self-signed certificate with OpenSSL stops the browser warning. Creating a self-signed certificate can provide the basic security and functionality needed for systems used on internal networks, or if you don't want to wait for a certification authority to authenticate a certificate. Create a self-signed certificate with OpenSSL Sometimes you might not be able to, or want to, wait for a certification authority to authenticate a certificate. During initial testing or for systems used on internal networks, a self-signed certificate can provide the basic security and functionality needed. Other useful OpenSSL commands You can use other OpenSSL commands to extract and combine the keys in generated PKCS12 certificates. You can also convert a password protected private key PEM file to a non-password protected file. Convert an existing PVK file to a PEM file The McAfee ePO software supports PEM-encoded private keys, including both password protected and non-password protected private keys. Using OpenSSL you can convert a PVK-formatted key to a PEM format. Migrate Certificate Authority Hashing Algorithm from SHA-1 to SHA-2 or higherTo remediate vulnerabilities in your McAfee ePO environment, migrate your existing certificates to more secure algorithm certificates or regenerate them. Security keys and how they workThe McAfee ePO server relies on three security key pairs. Master Repository key pairThe Master Repository private key signs all unsigned content in the Master Repository. Other repository public keysAgent-server secure communication (ASSC) keysAgents use ASSC keys to communicate securely with the server. Back up and restore keysPeriodically back up all security keys, and always create a backup before changing the key management settings.