Jump to content

Certificates with validity ending after year 2037 are not supported on Mac OS X


Recommended Posts

 

Hello, 

For resolve this only can create new certificate authority with date for example 2030? 

Certificates with validity ending after year 2037 are not supported on Mac OS X. It is not possible to parse a date variable from the Certificate Authority on Mac OS X. The Agent cannot connect, because OS X cannot accept the Certificate Authority.

Link to post
Share on other sites

In the case of peer certificate only agent certificate is necesary? or also server certificate with date 2030 is necessary ? 

 

Link to post
Share on other sites
  • Administrators

No, the CA certificate must not be valid beyond 2037 either:

https://support.eset.com/en/kb6737-create-a-new-certificate-or-certification-authority-in-eset-security-management-center-7x

Certificates with a Valid To date of 2037 or later are not supported. It is not possible to parse a date variable from the Certification Authority on macOS. The Agent cannot connect, because macOS is unable to accept the Certification Authority.

Link to post
Share on other sites

I generated a new CA certificate and peer certificate agent with date 2030, but no work,

the agent for mac is not  comunicate on the console ESMC

The question is, 

Is necessary create a new peer server certificate  with date  example 2030? 

I THINK will affects my windows agents communications 

Link to post
Share on other sites
  • Administrators

Yes, you should create a new CA certificate with the "valid to" date not beyond 2036. As long as both CA certificates exist, you can generate a different peer certificate for use on Mac and use the existing peer certificate for already installed agents on Windows.

Link to post
Share on other sites

I generated a new CA certificate and peer certificate agent with date 2030, but no work. 

CA certification authority not trusted? 

 

 

656608876_ScreenShot2020-05-02at7_57_08PM.png.ccffa7e6e06b0bbd807339c1c643bf95.png869146269_ScreenShot2020-05-02at7_55_08PM.png.900d87a01d562476aa5280b86ec3f72c.png1232134818_ScreenShot2020-05-02at7_54_18PM.thumb.png.c6e1fd45f8d1225dfa6c14c127a6c0e6.png

"CN=Server Certification Authority;C=US;"  This is original certification authority and  work with agent windows 

Link to post
Share on other sites
  • ESET Staff

It seems that your ESMC's certificate is signed using different CA certificate than your AGENT's certificate for macOS. In such case, you have to make sure that AGENT is installed with CA certificate that was used to sign ESMC's certificate: in this case it seems that different CA certificate was used (the one that was used to sign AGENT's certificate), which results in a state that AGENT is able to verify it's own certificate, but is is not able to verify ESMC's certificate and thus not connecting.

In case you install AGENT with CA certificate used to sign ESMC's certificate (i.e. certificate required to verify ESMC's certificate), AGENT won't be able to verify it's own certificate until first successful connection -> after that, AGENT will receive all CA certificates stored in ESMC and since than AGENT should be able to verify both it's own and also ESMC's certificate.

 

Link to post
Share on other sites

 The problem is CA certificate used to sign ESMC's certificate is a Valid To date of 2037

 

Certificates with a Valid To date of 2037 or later are not supported. It is not possible to parse a date variable from the Certification Authority on macOS. 

 

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...