Jump to content

6.5 era migrated to 7.2 ESMC vsphere appliance Server Certificate


mbaker
 Share

Recommended Posts

I did not install the product initially.  No one is in the company that was involved back then. 

I deployed the OVA.  I Pulled the database.  So far so good.

I completed the setup of the new ESMC providing it a new host name and new ip address.  I have not yet set a task to redirect the client agents to the new ESMC as I see a potential problem.

Here is my question....  The 6.5 era server was called ERA.DOMAIN.COM and had an ip address of 10.10.1.20.  That name and address is reflected in the server certificate.  CN=Server at era.domain.com and 10.1.1.20 and 127.0.0.1;C=US;

The new 7.2 ESMC was given the host name ESMC.DOMAIN.COM and has an ip address of 10.1.1.30

The database pull migrated the ERA certificate authority and  3 peer certificates (The server certificate, the agent certificate, and the agent certificate for server assisted install)

The Name and IP address on the migrated server certificate do not match the new 72 ESMC host name or IP address.

This just looks wrong.  Looking at documentation for the product I see images of server certificates that do not include a host name or IP address.  Did one of my predecessors mess me up?

Before I point my clients at a server they cannot connect to.   I would like to understand better how this is supposed to work.

Thanks

 

Link to comment
Share on other sites

  • Administrators

This migration scenario should be applied:

https://help.eset.com/esmc_install/72/en-US/migrated_database_different_ip.html

Alternatively you can just re-deploy agent to clients from the new server to make them report to the new ESMC server.

Another way how to deal with this would by resolving era.domain.com to the new IP address 10.1.1.30 on your DNS server.

Link to comment
Share on other sites

7 hours ago, Marcos said:

This migration scenario should be applied:

https://help.eset.com/esmc_install/72/en-US/migrated_database_different_ip.html

Alternatively you can just re-deploy agent to clients from the new server to make them report to the new ESMC server.

Another way how to deal with this would by resolving era.domain.com to the new IP address 10.1.1.30 on your DNS server.

Thank you for the prompt reply.  The link and suggestions were helpful.

Since the database and CA are already migrated to the new ESMC appliance and I need to update the 6.5 agents to 7.2  My thought is to:

1. create a new server cert on the new ESMC appliance leaving host as the defualt *.

2.  change the server cert on the new ESMC appliance to the new cert. 

3.  Redeploy the agent using a 3rd party deployment tool.

I did notice that in the agent installer package advanced tab, in the Server Hostname Optional field.  The database pull retained the old ERA.domain.com value.  As the field name indicates its optional.  I plan to delete the value before downloading and deploying the agent.

Do you see anything wrong with this plan?

I don't see a reason to go back to the old ERA server, generate a new server cert and re-import/convert  the database.  If I'm wrong please let me know.

Thank you

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...