Jump to content

Error al crear autoridad de certificado (Error while creating CA)


celiopty
 Share

Recommended Posts

Machine translation:

In the information of the console I get an error when creating certificate authority and the team connects us when reinstalling the console because the server had problems in windows and I could not rescue the certificates before. Now that I reinstall it create the certificates I get error in certificate authority, but it is signaled with a green hook. Now I made an installer with these certificates and after installing on a computer it connects to the server. But if I do the installation by client task the computers do not connect

How to know if error with hook to see is just an event or I have to correct the certificate and how I do it. 

 

En la infiormacion de la consola me sale error al crear autoridad de certificado y los equipo nos e conectan al reinstalar la consola por que el servidor tuvo problemas en windows y no pude rescart los certificados antes. Ahora que lo reinstale cree los certificados me da error en autoridad de certificado, pero está señalado con un gancho verde. Ahora hice un instalador con estos certificados y luego de instalar en un equipo el mismo se conecta al servidor. Pero si hago la instalación por tarea de cliente los equipos no se conectan

Como saber si error con gancho ver es solo un evento o tengo que corregir el certificado y como lo hago.

Saludos..

Celio 

status log server1.jpg

status log server2.jpg

trace.log

Link to comment
Share on other sites

  • ESET Staff

There are multiple network related errors in trace.log but the most recent, also visible in provided status.html is:

2020-02-10 19:52:48 Error: CAgentSecurityModule [Thread 2754]: Certificated user verification failed with: VerifyDnsSubjectAltName: Certificate SubjectAltName extension does not have any supported records

which means that ESMC Server's certificate (as set in server's settings) does not contains hostname "localhost" in certificate. In other words, all hostanems or IP addresses used by AGENTS has to be listed in certificate, otherwise AGENT'ss will be rejecting connection. In this case hostname "localhost" is missing (I hope logs are from local AGENT installed on the same machine as ESMC), but also hostnames used by other AGENTs has to be present.

Solution is to create new SERVER's certificate which will contain all possible hosts or wildcard "*" character, and it has to be signed by CA certificate that is already present in ESMC console, so that also AGENTs do have it. Once certificate is set in SERVER's configuration via console, AGENTs should start connecting.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...