Communications Agent Encryption Details for SureSync MFT

SureSync MFT uses a self-signed X.509 certificate on each computer to enhance security and to allow more efficient encrypted transmissions.

When the SureSync agent is started on a computer, it checks for a certificate named “SureSyncSSL”. If the certificate is not present or has expired, a new self-signed certificate is created with that name.

The certificate has two uses:

  1. Certificate encryption of transmissions is one of the available encryption options, and it is more efficient than the other options.
  2. Agent credentials for each computer must be stored in the SureSync database. To better secure these credentials, double encryption is used. The final encryption pass is with the public key from the remote machine. This ensures that only the remote computer can decrypt the credentials.

The agent needs access to the private key of the certificate in order to decrypt credentials. By default, the System account has access to private keys, but your security environment may have blocked that access.

You could supply your own certificate by deleting any “SureSyncSSL” certificate and adding your own with that name and “O=Software Pursuits”. Each machine must have its own unique certificate, and you would need to manage expirations. The agent would still need access to the private key in order to double encrypt credentials.
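
The conditions described above (certificate present, not expired, private key readable by the System account) can be audited with the following added PowerShell example, which is not Software Pursuits' own code. It assumes the certificate sits in a LocalMachine store, that “SureSyncSSL” appears as the friendly name or subject CN, and that the key pair is RSA; run it from an elevated prompt.

```powershell
# Added example: audit the "SureSyncSSL" certificate on this machine.
# Assumptions (not stated on the page): LocalMachine store, name found in the
# friendly name or subject CN, RSA key pair stored by a software key provider.
$name      = 'SureSyncSSL'
$systemSid = 'S-1-5-18'   # well-known SID of the local System account
$x509      = [System.Security.Cryptography.X509Certificates.X509Certificate2]
$read      = [System.Security.AccessControl.FileSystemRights]::Read

$certs = @(Get-ChildItem Cert:\LocalMachine -Recurse | Where-Object {
    $_ -is $x509 -and ($_.FriendlyName -eq $name -or $_.Subject -like "*CN=$name*") })
if ($certs.Count -eq 0) { Write-Warning "No '$name' certificate found in any LocalMachine store." }

foreach ($cert in $certs) {
    $keyFile = $null
    $systemAce = $false
    if ($cert.HasPrivateKey) {
        try {
            # Locate the on-disk key file for CNG or legacy CSP machine keys.
            $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
            if ($rsa -is [System.Security.Cryptography.RSACng]) {
                $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\Keys\$($rsa.Key.UniqueName)"
            } elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
                $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$($rsa.CspKeyContainerInfo.UniqueKeyContainerName)"
            }
        } catch {
            Write-Warning "Private key of $($cert.Thumbprint) could not be opened: $($_.Exception.Message)"
        }
    }
    if ($keyFile -and (Test-Path -LiteralPath $keyFile)) {
        # Only an explicit Allow entry for System is checked; access inherited
        # through group membership and Deny entries are not evaluated here.
        $rules = (Get-Acl -LiteralPath $keyFile).GetAccessRules($true, $true,
                  [System.Security.Principal.SecurityIdentifier])
        $systemAce = [bool]($rules | Where-Object {
            $_.IdentityReference.Value -eq $systemSid -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $read) -eq $read })
    }
    [pscustomobject]@{
        Store           = $cert.PSParentPath -replace '^.*::'
        Thumbprint      = $cert.Thumbprint
        OrgMatches      = $cert.Subject -like '*O=Software Pursuits*'
        NotAfter        = $cert.NotAfter
        DaysLeft        = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
        HasPrivateKey   = $cert.HasPrivateKey
        SystemReadAllow = $systemAce
    }
}
```

A row with `HasPrivateKey` true but `SystemReadAllow` false points at the blocked private-key access described above, and a low `DaysLeft` on a certificate you supplied yourself means the renewal is yours to schedule.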