Peer certificate is invalid

[sanlucas 0]

Hi I have about 40 pcs that shows me this error

Peer certificate is invalid

What should I check?

Server:

ESET Security Management Center (Server), Version 7.1 (7.1.503.0)
ESET Security Management Center (Web Console), Version 7.1 (7.1.393.0)

 

Clients:

Agente 6.5.522.0

ERA 7.1.2053.0

[Marcos 5,070]

Did you upgrade to ESMC 7.1 from ERA 6.5 or you installed it from scratch without backing up certificates?

[sanlucas 0]

Hi Marcos, I made that update in July last year and had to update all the clients win7 and XP manually.

At the time create a completely new server from 0.

Edited March 10, 2020 by sanlucas

[Marcos 5,070]

What error is reported in C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html ? Once the agent starts reporting to ESMC. send an ESMC upgrade task to it so that it upgrades to v7.

 

[MartinK 378]

In case clients are still connecting, it probably means that AGENT's are not able to verify their own certificate. This might be caused by fact that they are missing CA certificate that was used to sign this certificate. If this is true, it also means that SERVER's peer certificate is signed by different CA certificate: was there any kind of certificate customization applied? Or ERA/ESMC migration scenarios were used?

[sanlucas 0]

Marcos: this is the status.html3

Scope	Time	Text
Last authentication	2020-Mar-11 11:26:49	Enrollment OK
Last replication	2020-Mar-11 11:26:50	ERROR: InitializeConnection: Initiating replication connection to 'host: "192.168.0.100" port: 2222' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "192.168.0.100" port: 2222 with proxy set as: Proxy: Connection: 192.168.0.54:3128, Credentials: Name: gaston, Password: ******, Enabled:1, EnabledFallback:1, failed with error code: 14, error message: Connect Failed, and error details: Replication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (REGULAR), Connection: 192.168.0.100:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: c9571c4d-bc84-11e9-9313-1a4868efc0ac, Sent logs: 0, Cached static objects: 53, Cached static object groups: 10, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0] All replication attempts: 33123
Last successful replication	2020-Mar-09 11:02:49	OK Successful replications: 30217 All replication attempts: 30219 Connection: 192.168.0.100:2222 Scenario: REGULAR
Peer certificate	2020-Mar-11 10:59:49	Error Agent peer certificate with subject 'CN=Agent at *, C=US' issued by 'CN=Server Certification Authority, C=US' with serial number '018437f343bd744248ba7128a7e21ba08501' is invalid now (NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain) Peer certificate may be valid but can not be verified on this machine Check time validity and presence of issuing certification authority
Product	2020-Feb-17 11:29:38	Product install configuration: Product type: Agent Product version: 7.0.577.0 Product locale: en_US
Replication security	2020-Mar-11 11:26:50	OK Remote host: 192.168.0.100 Remote product: Server

[sanlucas 0]

Hi MartinK, I have not changed any certificate not in clients or servers, I have only run updates for the server through the console