Jump to content

CA Problem after migration from OLD to NEW server


Jarno
 Share

Recommended Posts

Hi,

I need your advices... I've migrated our ERA server to a new one. I followed this procedure (hxxp://help.eset.com/era_install/64/en-US/index.html?migrated_database_different_ip.htm) but now,

My Peer CA are in Status "no". and i don't know why but i got double certificates...

PCs/SRVs are connecting to the new one.

ESET Remote Administrator (Server), Version 6.5 (6.5.522.0)
ESET Remote Administrator (Web Console), Version 6.5 (6.5.388.0)
 
Thank you

2017-03-22_180434.jpg

Link to comment
Share on other sites

  • Administrators

Did you export the CA certificate from the former server? ( Export all Certification Authority Certificates from your ERA Server and save each CA certificate as a .der file.)

Did you import it on the new one? (  Import all CAs exported from your old ERA Server. To do so, follow the instructions for importing a public key. )

Link to comment
Share on other sites

  • Former ESET Employees

Hi Jarno,

could you provide screenshot from ERA Web Console: Navigate to Admin->Certificates->Certification Authorities ? 

# of signed active peer certificates - values in this table column are important (See screenshot)

2.png

Link to comment
Share on other sites

  • Former ESET Employees

and have you changed ERA Server certificate in Server Settings to use previous Server certificate from your old ERA Server?

Link to comment
Share on other sites

Katarina or Marcos - If you are using Teamviewer, we can check together on the server. I can give you an ID in PM.

Link to comment
Share on other sites

  • ESET Staff

Hello, Just to verify. 
Your issue is that the certificates are present twice and the column "CA is present" is under status "no" ? 
Or is there an issue with Agent connection due to the certificate duplicity? (you can see that in "status.html" on client device)
 

Edited by Oliver
Link to comment
Share on other sites

  • ESET Staff

Ok.
So that is just a "visual bug" and everything else is working correctly. 
But if you want to "fix" it, there is a way.
You can create a new ERA CA ->  Generate(create) a new set of certificates and sign them with this NEW ERA CA and than , replace all those "old" certificates with those shiny new ones ( use these new signed certificates in respective policy and use the "force" option and assign this policy to all required devices). 
After you verify that the CA and certificates are working correctly and every device is using the new certificate-> you can  revoke all other (not-so-shiny) certificates and CA. 

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...