Jarno 0 Posted March 22, 2017 Posted March 22, 2017 Hi, I need your advices... I've migrated our ERA server to a new one. I followed this procedure (hxxp://help.eset.com/era_install/64/en-US/index.html?migrated_database_different_ip.htm) but now, My Peer CA are in Status "no". and i don't know why but i got double certificates... PCs/SRVs are connecting to the new one. ESET Remote Administrator (Server), Version 6.5 (6.5.522.0)ESET Remote Administrator (Web Console), Version 6.5 (6.5.388.0) Thank you
Administrators Marcos 5,450 Posted March 22, 2017 Administrators Posted March 22, 2017 Did you export the CA certificate from the former server? ( Export all Certification Authority Certificates from your ERA Server and save each CA certificate as a .der file.) Did you import it on the new one? ( Import all CAs exported from your old ERA Server. To do so, follow the instructions for importing a public key. )
Former ESET Employees Katarina 3 Posted March 23, 2017 Former ESET Employees Posted March 23, 2017 Hi Jarno, could you provide screenshot from ERA Web Console: Navigate to Admin->Certificates->Certification Authorities ? # of signed active peer certificates - values in this table column are important (See screenshot)
Jarno 0 Posted March 23, 2017 Author Posted March 23, 2017 hi, it's empty. no numbers inside the field.
Former ESET Employees Katarina 3 Posted March 23, 2017 Former ESET Employees Posted March 23, 2017 and have you changed ERA Server certificate in Server Settings to use previous Server certificate from your old ERA Server?
Jarno 0 Posted March 23, 2017 Author Posted March 23, 2017 Katarina or Marcos - If you are using Teamviewer, we can check together on the server. I can give you an ID in PM.
ESET Staff Oliver 9 Posted March 23, 2017 ESET Staff Posted March 23, 2017 (edited) Hello, Just to verify. Your issue is that the certificates are present twice and the column "CA is present" is under status "no" ? Or is there an issue with Agent connection due to the certificate duplicity? (you can see that in "status.html" on client device) Edited March 23, 2017 by Oliver
Jarno 0 Posted March 23, 2017 Author Posted March 23, 2017 Hi Olivier, Iissue is that the column "CA is present" is under status "no"
ESET Staff Oliver 9 Posted March 23, 2017 ESET Staff Posted March 23, 2017 Ok. So that is just a "visual bug" and everything else is working correctly. But if you want to "fix" it, there is a way. You can create a new ERA CA -> Generate(create) a new set of certificates and sign them with this NEW ERA CA and than , replace all those "old" certificates with those shiny new ones ( use these new signed certificates in respective policy and use the "force" option and assign this policy to all required devices). After you verify that the CA and certificates are working correctly and every device is using the new certificate-> you can revoke all other (not-so-shiny) certificates and CA.
Recommended Posts