Trusted certificates

DriveLock uses trusted certificates for secure communication between the DriveLock Management Console or DriveLock Agents and the DES. You can specify these certificates in a policy's global configuration.

If you want to replace an existing DES server certificate, the new certificate must be imported into the computer certificate store and the private key must be configured so that it can be exported.
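The following PowerShell script is an added example, not DriveLock's own tooling: it checks a replacement certificate against the requirements above (present in the computer certificate store, private key exportable) and reports its validity period and hashes. `$Thumbprint` and `$WarnDays` are assumed parameter names, and because this page does not state which hash algorithm the trusted list uses, both the SHA-1 thumbprint and a SHA-256 hash are printed for comparison.

```powershell
# Added example: pre-flight check of a replacement DES server certificate.
# Run in an elevated session so the private key can be opened.
param(
    [Parameter(Mandatory)][string]$Thumbprint,  # thumbprint of your certificate
    [int]$WarnDays = 30                         # assumed warning window
)

$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
$cert  = Get-ChildItem -Path Cert:\LocalMachine\My |
         Where-Object { $_.Thumbprint -eq $clean } |
         Select-Object -First 1
if (-not $cert) { throw "Certificate $clean not found in Cert:\LocalMachine\My" }

# Exportability: CNG keys carry an ExportPolicy, legacy CSP keys an Exportable
# flag. Only RSA keys are inspected; other key types are reported as $null.
$exportable = $null
if ($cert.HasPrivateKey) {
    $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if ($key -is [System.Security.Cryptography.RSACng]) {
        $exportable = $key.Key.ExportPolicy.HasFlag(
            [System.Security.Cryptography.CngExportPolicies]::AllowExport)
    } elseif ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        $exportable = $key.CspKeyContainerInfo.Exportable
    }
}

# SHA-256 over the DER-encoded certificate, next to the SHA-1 thumbprint.
$sha = [System.Security.Cryptography.SHA256]::Create()
$sha256 = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
$sha.Dispose()

$now = Get-Date
$daysLeft = [math]::Floor(($cert.NotAfter - $now).TotalDays)
[pscustomobject]@{
    Subject        = $cert.Subject
    NotBefore      = $cert.NotBefore
    NotAfter       = $cert.NotAfter
    DaysRemaining  = $daysLeft
    CurrentlyValid = ($now -ge $cert.NotBefore) -and ($now -lt $cert.NotAfter)
    ExpiresSoon    = $daysLeft -lt $WarnDays
    HasPrivateKey  = $cert.HasPrivateKey
    KeyExportable  = $exportable
    Sha1Thumbprint = $cert.Thumbprint
    Sha256         = $sha256
}
```

A result with `HasPrivateKey` or `KeyExportable` set to false, or `CurrentlyValid` set to false, means the certificate does not yet meet the conditions described above.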

Important information:

  • Keep your certificates up to date. If you need to replace the DES certificate or have installed additional linked DES, enter the new certificates in the list promptly and make sure that the DriveLock Agents have been assigned this policy before they communicate with the DES (or the new linked DES).

  • Until a DriveLock Agent has found the DES certificate in the list of trusted certificates, it accepts connections to any DES. Once the certificate has been verified successfully, the agent communicates only with the DES whose hash values are entered in the list of trusted certificates.

  • If you remove all certificates from this list, the agents will communicate with any DES again.

Please find further information on the selection of trusted certificates here.

If a DriveLock Agent receives an invalid certificate, an error message is displayed on the agent and all communication between the DES and the agent stops! In this case, the only solution is to make manual changes in the agent's local registry. Please contact DriveLock Support for more information.