celiopty 0 Posted February 10, 2020 Posted February 10, 2020 Machine translation: In the information of the console I get an error when creating certificate authority and the team connects us when reinstalling the console because the server had problems in windows and I could not rescue the certificates before. Now that I reinstall it create the certificates I get error in certificate authority, but it is signaled with a green hook. Now I made an installer with these certificates and after installing on a computer it connects to the server. But if I do the installation by client task the computers do not connect How to know if error with hook to see is just an event or I have to correct the certificate and how I do it. En la infiormacion de la consola me sale error al crear autoridad de certificado y los equipo nos e conectan al reinstalar la consola por que el servidor tuvo problemas en windows y no pude rescart los certificados antes. Ahora que lo reinstale cree los certificados me da error en autoridad de certificado, pero está señalado con un gancho verde. Ahora hice un instalador con estos certificados y luego de instalar en un equipo el mismo se conecta al servidor. Pero si hago la instalación por tarea de cliente los equipos no se conectan Como saber si error con gancho ver es solo un evento o tengo que corregir el certificado y como lo hago. Saludos.. Celio trace.log
ESET Staff MartinK 384 Posted February 10, 2020 ESET Staff Posted February 10, 2020 There are multiple network related errors in trace.log but the most recent, also visible in provided status.html is: 2020-02-10 19:52:48 Error: CAgentSecurityModule [Thread 2754]: Certificated user verification failed with: VerifyDnsSubjectAltName: Certificate SubjectAltName extension does not have any supported records which means that ESMC Server's certificate (as set in server's settings) does not contains hostname "localhost" in certificate. In other words, all hostanems or IP addresses used by AGENTS has to be listed in certificate, otherwise AGENT'ss will be rejecting connection. In this case hostname "localhost" is missing (I hope logs are from local AGENT installed on the same machine as ESMC), but also hostnames used by other AGENTs has to be present. Solution is to create new SERVER's certificate which will contain all possible hosts or wildcard "*" character, and it has to be signed by CA certificate that is already present in ESMC console, so that also AGENTs do have it. Once certificate is set in SERVER's configuration via console, AGENTs should start connecting.
Recommended Posts