Jarno 0 Posted March 22, 2017 Share Posted March 22, 2017 Hi, I need your advices... I've migrated our ERA server to a new one. I followed this procedure (hxxp://help.eset.com/era_install/64/en-US/index.html?migrated_database_different_ip.htm) but now, My Peer CA are in Status "no". and i don't know why but i got double certificates... PCs/SRVs are connecting to the new one. ESET Remote Administrator (Server), Version 6.5 (6.5.522.0)ESET Remote Administrator (Web Console), Version 6.5 (6.5.388.0) Thank you Link to comment Share on other sites More sharing options...
Administrators Marcos 5,072 Posted March 22, 2017 Administrators Share Posted March 22, 2017 Did you export the CA certificate from the former server? ( Export all Certification Authority Certificates from your ERA Server and save each CA certificate as a .der file.) Did you import it on the new one? ( Import all CAs exported from your old ERA Server. To do so, follow the instructions for importing a public key. ) Link to comment Share on other sites More sharing options...
Jarno 0 Posted March 22, 2017 Author Share Posted March 22, 2017 Yes i did. Link to comment Share on other sites More sharing options...
Former ESET Employees Katarina 3 Posted March 23, 2017 Former ESET Employees Share Posted March 23, 2017 Hi Jarno, could you provide screenshot from ERA Web Console: Navigate to Admin->Certificates->Certification Authorities ? # of signed active peer certificates - values in this table column are important (See screenshot) Link to comment Share on other sites More sharing options...
Jarno 0 Posted March 23, 2017 Author Share Posted March 23, 2017 hi, it's empty. no numbers inside the field. Link to comment Share on other sites More sharing options...
Former ESET Employees Katarina 3 Posted March 23, 2017 Former ESET Employees Share Posted March 23, 2017 and have you changed ERA Server certificate in Server Settings to use previous Server certificate from your old ERA Server? Link to comment Share on other sites More sharing options...
Jarno 0 Posted March 23, 2017 Author Share Posted March 23, 2017 yes. Link to comment Share on other sites More sharing options...
Jarno 0 Posted March 23, 2017 Author Share Posted March 23, 2017 Katarina or Marcos - If you are using Teamviewer, we can check together on the server. I can give you an ID in PM. Link to comment Share on other sites More sharing options...
ESET Staff Oliver 9 Posted March 23, 2017 ESET Staff Share Posted March 23, 2017 (edited) Hello, Just to verify. Your issue is that the certificates are present twice and the column "CA is present" is under status "no" ? Or is there an issue with Agent connection due to the certificate duplicity? (you can see that in "status.html" on client device) Edited March 23, 2017 by Oliver Link to comment Share on other sites More sharing options...
Jarno 0 Posted March 23, 2017 Author Share Posted March 23, 2017 Hi Olivier, Iissue is that the column "CA is present" is under status "no" Link to comment Share on other sites More sharing options...
ESET Staff Oliver 9 Posted March 23, 2017 ESET Staff Share Posted March 23, 2017 Ok. So that is just a "visual bug" and everything else is working correctly. But if you want to "fix" it, there is a way. You can create a new ERA CA -> Generate(create) a new set of certificates and sign them with this NEW ERA CA and than , replace all those "old" certificates with those shiny new ones ( use these new signed certificates in respective policy and use the "force" option and assign this policy to all required devices). After you verify that the CA and certificates are working correctly and every device is using the new certificate-> you can revoke all other (not-so-shiny) certificates and CA. Link to comment Share on other sites More sharing options...
Jarno 0 Posted March 23, 2017 Author Share Posted March 23, 2017 Thank you Olivier, i'm gonna try that. Link to comment Share on other sites More sharing options...
Recommended Posts