Jump to content

ERA6 Certificate issues


Recommended Posts

Hi,

I've deployed ERA6 Linux appliance, it's hostname is BUSRV-ESET1.

It's connected to our domain, I can login as a domain user, and browse domain groups (though only in LDAP mode for some reason, AD mode gives error).

 

If I deploy the agent, it works fine. Users computers report in. However they are looking to connect to busrv-eset1.domain.lan, which only works from inside the building.

I'd prefer they connect to antivirus.domain.org. I've got internal DNS setup to point to the IP of the appliance, and external DNS setup to an external IP which is then NAT'd to that internal IP.

 

When I first tried to deploy an agent with this new server name, I put the antivirus.domain.org in as the server name. However while the deploy task showed as complete, the workstations never report in. I ran the diagnostics.exe app in the agent folder on the client, and in the log I can see it doesn't like that the server hostname (BUSRV-ESET1) is different than what the agent is asking for (antivirus.domain.org).

 

So I created new server and agent certificates, and added both BUSRV-ESET1 and antivirus.domain.org into the server name field on each. I made that new server certificate the active one, and then made a new deploy task using the new agent certificate.

However I am still having the same issue, the log file says that the name doesn't match.

 

 

Here is how the certificate looks:

DESCRIPTION
 
ISSUER
CN=Server Certification Authority;C=US;
 
PRODUCT
server
 
SUBJECT
CN=Server certificate for host BUSRV-ESET1,antivirus.domain.org;OU=IT;O=MYORG;L=MyCity;S=ON;C=CA;
 
HOST
BUSRV-ESET1,antivirus.domain.org
 
And the log file from the agent shows:
2015-02-19 04:46:42 Error: CAgentSecurityModule [Thread b74]: Certificated user verification failed with: VerifyDnsSubjectAltName: Hostname does not match any supported record in certificate SubjectAltName extension (BUSRV-ESET1)
2015-02-19 04:46:42 Error: NetworkModule [Thread 880]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:10.4.0.45, ResolvedHostname:, ResolvedPort:2222
2015-02-19 04:46:42 Error: NetworkModule [Thread 880]: Protocol failure for session id 1, error:Receive: NodSslWriteEncryptedData: Handshake failed to complete.
2015-02-19 04:46:42 Error: CReplicationModule [Thread be8]: CReplicationManager: Replication (network) connection to 'host: "antivirus.domain.org" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.
2015-02-19 04:47:36 Error: CAgentSecurityModule [Thread e10]: Certificated user verification failed with: VerifyDnsSubjectAltName: Hostname does not match any supported record in certificate SubjectAltName extension (BUSRV-ESET1)
2015-02-19 04:47:36 Error: NetworkModule [Thread 880]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:10.4.0.45, ResolvedHostname:, ResolvedPort:2222
2015-02-19 04:47:36 Error: NetworkModule [Thread 880]: Protocol failure for session id 2, error:Receive: NodSslWriteEncryptedData: Handshake failed to complete.
2015-02-19 04:47:36 Error: CReplicationModule [Thread e08]: CReplicationManager: Replication (network) connection to 'host: "antivirus.domain.org" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.
 
Any thoughts on what is going on?
 
 
Link to comment
Share on other sites

We just used host * in our certs, but apart from that we're doing the same as you - connect to a FQDN, internal DNS pointing to the LAN machine; external firewall NATting etc.

 

  • Description
  • Issuer
    CN=xxxxx ESET CCA;
  • Product
    agent
  • Subject
    CN=Agent at *;
  • Host
    *
  • Serial number
    01xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  • Valid from
    2015 Feb 1 00:00:00
  • Valid to
    2025 Feb 2 00:00:0

 

Jim

Link to comment
Share on other sites

I get the same error on some clients (client deoployed from the server).

certificate created by ESET.

 

2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Started module ERAG1ClientConnector (used 0 KB)
2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Starting module CMDMCoreConnectorModule
2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Started module CMDMCoreConnectorModule (used 0 KB)
2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Starting module CVAHCoreConnectorModule
2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Started module CVAHCoreConnectorModule (used 0 KB)
2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Starting module AgentToProxyConnectorModule
2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Started module AgentToProxyConnectorModule (used 0 KB)
2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Starting module CRDSensorConnectorModule
2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Started module CRDSensorConnectorModule (used 0 KB)
2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Used memory after modules start-up is 33036 KB
2015-03-04 15:03:41 Error: NetworkModule [Thread 83c]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:192.168.xx.xx, ResolvedHostname:, ResolvedPort:2222
2015-03-04 15:03:41 Error: NetworkModule [Thread 83c]: Protocol failure for session id 1, error:Receive: NodSslWriteEncryptedData: Handshake failed to complete.
2015-03-04 15:03:41 Error: CReplicationModule [Thread 1860]: CReplicationManager: Replication (network) connection to 'host: "xxxx.xxDOMAIN.local" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.
2015-03-04 15:03:46 Error: NetworkModule [Thread 83c]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:192.168.x.x, ResolvedHostname:, ResolvedPort:2222
2015-03-04 15:03:46 Error: NetworkModule [Thread 83c]: Protocol failure for session id 2, error:Receive: NodSslWriteEncryptedData: Handshake failed to complete.
2015-03-04 15:03:46 Error: CReplicationModule [Thread 1860]: CReplicationManager: Replication (network) connection to 'host: "xxxx.xxDOMAIN.local" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.
2015-03-04 15:04:48 Error: NetworkModule [Thread 83c]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:192.168.xx.xx, ResolvedHostname:, ResolvedPort:2222
2015-03-04 15:04:48 Error: NetworkModule [Thread 83c]: Protocol failure for session id 3, error:Receive: NodSslWriteEncryptedData: Handshake failed to complete.
2015-03-04 15:04:48 Error: CReplicationModule [Thread 1ffc]: CReplicationManager: Replication (network) connection to 'host: "xxxx.xxDOMAIN.local" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.
Link to comment
Share on other sites

  • ESET Moderators

Hello,

 

we need to check this with Devs please send me a private message with reference to this thread and provide me with:

1. trace.log from the server

2. trace.log from the agent

3. screenshot of the certificates.

 

We will check it.

 

P.R.

Link to comment
Share on other sites

  • 1 month later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...