Re-using the same Remote Management System (RMS) certificates for a new installation

  • Article ID: 117463
  • Updated: 23 Nov 2013

This article describes how you can ensure the same Remote Management System (RMS) certificates, as used by Enterprise Console or Control Center, are maintained.  This will enable previously deployed clients to send messages to a new installation.

Known to apply to the following Sophos product(s) and version(s)

Sophos Control Center
Enterprise Console

What To Do

  1. On the current installation take a backup of the registry key:
    HKLM\SOFTWARE\[WOW6432Node]\Sophos\Certification Manager\CertAuthStore\

  2. On the new server, import the backed up registry key prior to installing either Enterprise Console or Control Center.  

    • It is vital that the key is imported prior to installation.  It cannot be imported after installation.
    • If the new machine is running a different architecture, i.e., 32-bit to 64-bit, ensure that the registry file is updated to reference the correct location, prior to import.  On a 32-bit computer the correct path is: 'HKLM\SOFTWARE\Sophos\Certification Manager\' for a 64-bit computer it is: 'HKLM\SOFTWARE\wow6432node\Sophos\Certification Manager\'

Technical Information

By default when either Enterprise Console or Control Center are uninstalled, the following registry key is left behind:

HKLM\SOFTWARE\[WOW6432Node]\Sophos\Certification Manager\

This enables a subsequent installation on the machine to generate the same certificates and identity keys and therefore continue managing existing clients.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent