Migrate Existing Windows Event Collector Certificate

Customers who already have a signed Windows Event Collector certificate can migrate to Cortex XDR.
For users who are running broker VM version 8.0 and later, and have already have a signed Windows Event Collector certificate, it’s best to migrate your CA to the Cortex XDR console to better manage connection between the Windows Event Collector and Broker VM.
To migrate your exiting Windows Event Collector signed certificate to the Cortex XDR console:
  1. In Cortex XDR, navigate to
    Cortex XDR
    Settings
    Broker VMs
    table and locate your broker VM.
  2. Right click, select
    Applet Management
    Windows Event Forwarder Migration
    .
  3. In the
    Windows Event Forwarder Migration
    window:
    1. Securely import the signed certificate and key from your Linux server by copying and running in OpenSSL the
      Run Export Command
      . Make sure you enter your certificate and key file names.
    2. Copy the auto-generated password.
      Provide the following password
      when running the OpenSSL command to authenticate import.
    3. Upload CA Certificate
      by
      Drag and Drop
      or
      browse
      for your certificate.
    4. Upload
      your certificate to the Cortex XDR console.
      Cortex XDR displays an
      Action Succeeded
      notification.
      wec-migration.png
      After a successful migration, your certificates are managed and signed by Cortex XDR.
      It is recommended to delete the CA PFX file and private key from the secured host where the certificates were signed.

Recommended For You