jimwillsher 64 Posted March 4, 2015 Share Posted March 4, 2015 Help! I've migrated another 35-user license to ERA6 and I'm in the process of rolling out packages. I've now tried three times and each time I get "Peer Certificate is Invalid when I install the agent. This is the first certificate I've created since I did the .365 upgrade from .265, but I don't know if that matters. Also, I notice on my previous certificates the product is shown as agent but with the new certificate it's Agent (capital A). Again, I don't know if that matters. Please can someone assist, or advise what may be wrong? The Agent Live Installer downloads fine, the Agent installs fine, and it connects to the ERA okay. But within a few seconds the comptuer in ERA goes red and I see this error message. Many thanks Jim Link to comment Share on other sites More sharing options...
jimwillsher 64 Posted March 4, 2015 Author Share Posted March 4, 2015 Please disregard, I was just too quick! That error appears for 4-5 minutes if the connection is slow. Link to comment Share on other sites More sharing options...
ESET Staff michalp 20 Posted March 5, 2015 ESET Staff Share Posted March 5, 2015 Agent itself tries to verify its peer certificate. If agent is not able to verify its own peer certificate, then error "Peer Certificate is Invalid" will be generated to status log (status.html) and if possible, sent to a server. My guess is that Agent certificate (new one) was signed with different certification authority than server certificate was signed with. During deployment you have used new Agent certificate and original certification authority - this is correct way because original certification authority was enough for agent to verify server certificate and on the other hand, server was able to verify new agent certificate as it has all certification authorities in database. After first connection was successfully established, all trusted certification authorities from server were replicated to agent and from that moment agent was able to verify its own peer certificate and clear the error. Link to comment Share on other sites More sharing options...
jimwillsher 64 Posted March 5, 2015 Author Share Posted March 5, 2015 Yes that sounds like what happened :-) Link to comment Share on other sites More sharing options...
Recommended Posts