Changing a SafeGuard Enterprise client to a different SafeGuard Enterprise environment.
Known to apply to the following Sophos product(s) and version(s)
SafeGuard Device Encryption
SafeGuard Data Exchange
SafeGuard Configuration Protection
All supported versions.
What To Do
Due to cryptographic constraints it is not possible to move a SafeGuard Enterprise (SGN) client from one SafeGuard Enterprise Database to another.
During the first installation of the SafeGuard Enterprise Management Center, a certificate (the company certificate) is generated and stored in the SafeGuard Enterprise Database. This certificate is used to sign the local cache of the client and secure the communication between client and server as soon as the client configuration package gets installed.
A new backend (database) has by default a different certificate and therefore the client is not able to communicate with it.
In order to connect a client to a new backend, it is necessary to uninstall the SafeGuard Enterprise client and reinstall it using a client configuration package of the new backend.
As of SafeGuard Enterprise 5.5x it is possible to create a new SafeGuard Enterprise Database using a previously exported SafeGuard Enterprise company certificate. Clients of the "old" environment which were initialized using this company certificate can be connected to such a new database without a re-installation.