Migrating to a new server


I'm following this guide:

https://help.eset.com/esmc_install/70/en-US/clean_installation_different_ip.html

However, when I try to create a new certificate on an old server, it doesn't let me. I get an error:

Quote

Failed to create certificate: Creating and signing peer certificate failed. Check input parameters for invalid or reserved characters, check certification authority pfx/pkcs12 signing certificate and corresponding password.: Trace info: CreatePeerCertificate: PFXImportCertStore failed with The specified network password is not correct. Error code: 0x56

Does it mean CA requires a password? What if I don't remember my CA password?


  • Administrators

If you don't remember the password, you will need to re-deploy the agent using the new CA and peer agent certificate that are generated during installation of the ESMC server after migrating the db to the new server.


  • ESET Staff

There are actually two alternatives:

  1. You do not need to create a new certificate in case the old one contains an "asterisk" in the common name, i.e. in case it was signed in a way that it can be used on the new hostname. If this is confirmed, you can re-use the existing SERVER certificate without creating a new one. Once clients are migrated, I would recommend creating a new certificate on the new ESMC, to be sure it has the latest possible parameters and validity is extended.
  2. You can create a new CA certificate and SERVER peer certificate on the old ESMC server. You just have to ensure that this new CA certificate is distributed to each client before the migration policy is applied - but this is automatic in case the proper order of steps is used.

14 hours ago, MartinK said:
  1. You do not need to create a new certificate in case the old one contains an "asterisk" in the common name, i.e. in case it was signed in a way that it can be used on the new hostname. If this is confirmed, you can re-use the existing SERVER certificate without creating a new one. Once clients are migrated, I would recommend creating a new certificate on the new ESMC, to be sure it has the latest possible parameters and validity is extended.

By SERVER certificate you mean peer server certificate? Or CA? Because I can't find a way to import a server peer certificate that I exported from the old server. I can only import CA.


  • ESET Staff
47 minutes ago, Arekn said:

By SERVER certificate you mean peer server certificate? Or CA? Because I can't find a way to import a server peer certificate that I exported from the old server. I can only import CA.

You cannot import it into the console for further management, but when setting the certificate in ESMC's server settings, you can "upload" an arbitrary certificate, and that is the way. As you won't be able to import it, it would be ideal to replace it later with a certificate generated in the new ESMC, but this will be possible once all agents are migrated to the new server and actively connecting.

This topic is now closed to further replies.
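
One way to check the first alternative from the ESET Staff reply above before deciding to reuse the old server certificate: this added example (not part of the thread and not ESET tooling) lists the certificate's common name and SAN DNS entries and reports whether an asterisk is present and the certificate is unexpired. It assumes the certificate's public part is available as a PEM file and that the `openssl` CLI is installed; looking at SAN entries and expiry goes slightly beyond what the reply states.

```shell
#!/bin/sh
# Added example (not ESET tooling). Assumption: the old server certificate's
# public part has been saved as a PEM file, passed as the first argument.

# Print the subject common name(s) and any SAN DNS entries, one per line.
cert_names() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p'
    # -ext needs OpenSSL 1.1.1+; without a SAN extension nothing is printed.
    { openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null || true; } |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed if any name read from stdin contains an asterisk.
has_wildcard_name() {
    grep -q -F '*'
}

# Succeed if the certificate carries an asterisk name and has not expired.
cert_reusable() {
    cert_names "$1" | has_wildcard_name || return 1
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Report mode: run as `sh check_cert.sh old-server-cert.pem` (placeholder names).
if [ "$#" -gt 0 ]; then
    echo "Names in $1:"
    cert_names "$1" | sed 's/^/  /'
    openssl x509 -in "$1" -noout -enddate
    if cert_reusable "$1"; then
        echo "Asterisk present and certificate still valid: reuse is possible."
    else
        echo "No asterisk name or certificate expired: issue a new certificate."
    fi
fi
```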