musicalvegan0

I can confirm that the above solution DOES NOT work for me. I exported the ERA CA's DER file and followed the steps above. After that didn't work, I even tried pushing out the certificate via Group Policy. This also did not work.

Let me be more clear. This is not a migration problem. This is a brand new installation on my network. That being said, none of my Windows clients will validate their own peer certificate despite these facts: The certificate was generated by the ERA console and the ERA CA was installed in the client's certificate store The certificate was generated by a client-trusted certificate authority Also, as far as I can tell, adding the certificate to the Windows certificate store should be an unnecessary step anyway since the installation instructions don't mention anything about installing certificates manually on clients. Installing to the certificate store was my idea in attempt to deduce a cause for the error message. So the real question is why are none of my Windows clients validating the peer certificate? As I said before, Linux does not have a problem validating the VERY SAME certificate that is invalidated by my Windows clients, so clearly it has something to do with how the Windows agent tests the peer certificate. I've decided to stop the installation of ESET Endpoint Security across my network until I can resolve this mess. Any other ideas?

Hi guys, All of my Windows clients, including the ERA Server which is hosted on Windows, are reporting 'Peer Certificate Invalid' in the administrator webconsole and in the client's status.html file. I've been fighting this issue for several weeks now. I've installed the server on both a CentOS host and Windows host in an attempt to solve the problem with no luck. Linux clients appear to approve the certificate without a problem even though the same CA and certificates are used for both Linux and Windows. In Windows, I've tried generating a certificate using my domain's certificate authority; I've tried adding the ERA CA to the certificate trust on my Windows clients; all with no luck. Here's an excerpt from a client's trace.log: 2015-08-28 17:58:44 Information: CAgentSecurityModule [Thread 1b78]: Checking agent peer certificate expiration in 30 days 2015-08-28 17:58:44 Information: SchedulerModule [Thread 1438]: Received message: RegisterSleepEvent 2015-08-28 17:58:44 Information: CAgentSecurityModule [Thread 1b78]: Agent peer certificate with subject 'CN=Agent at *, OU=OMITTED, O=OMITTED, L=OMITTED, S=OMITTED, C=US' issued by 'CN=ERA Certification Authority, OU=WYSU, O=OMITTED, L=OMITTED, S=OMITTED, C=US' with serial number '014b46df1ff16042c59f754523a2a9e40001' is invalid now Any help would be much appreciated!