Posted

Hi,

I need your advice... I've migrated our ERA server to a new one. I followed this procedure (hxxp://help.eset.com/era_install/64/en-US/index.html?migrated_database_different_ip.htm) but now,

My Peer CA are in Status "no", and I don't know why but I got double certificates...

PCs/SRVs are connecting to the new one.

ESET Remote Administrator (Server), Version 6.5 (6.5.522.0)
ESET Remote Administrator (Web Console), Version 6.5 (6.5.388.0)
 
Thank you


  • Administrators
Posted

Did you export the CA certificate from the former server? (Export all Certification Authority Certificates from your ERA Server and save each CA certificate as a .der file.)

Did you import it on the new one? (Import all CAs exported from your old ERA Server. To do so, follow the instructions for importing a public key.)

  • Former ESET Employees
Posted

Hi Jarno,

Could you provide a screenshot from ERA Web Console: navigate to Admin -> Certificates -> Certification Authorities?

"# of signed active peer certificates": the values in this table column are important (see screenshot).

2.png

Posted

Hi,

It's empty. No numbers inside the field.

 

  • Former ESET Employees
Posted

And have you changed the ERA Server certificate in Server Settings to use the previous Server certificate from your old ERA Server?

Posted

Katarina or Marcos - If you are using TeamViewer, we can check together on the server. I can give you an ID in PM.

  • ESET Staff
Posted (edited)

Hello, just to verify.
Your issue is that the certificates are present twice and the column "CA is present" is under status "no"?
Or is there an issue with Agent connection due to the certificate duplicity? (You can see that in "status.html" on the client device.)
 

Edited by Oliver
Posted

Hi Olivier,

Issue is that the column "CA is present" is under status "no".

  • ESET Staff
Posted

OK.
So that is just a "visual bug" and everything else is working correctly.
But if you want to "fix" it, there is a way.
You can create a new ERA CA -> generate (create) a new set of certificates and sign them with this NEW ERA CA, and then replace all those "old" certificates with those shiny new ones (use these new signed certificates in the respective policy, use the "force" option, and assign this policy to all required devices).
After you verify that the CA and certificates are working correctly and every device is using the new certificate -> you can revoke all other (not-so-shiny) certificates and CA.

 

Posted

Thank you Olivier, I'm gonna try that.

This topic is now closed to further replies.