Peer Certificate is Invalid

[jimwillsher 65]

Help! I've migrated another 35-user license to ERA6 and I'm in the process of rolling out packages. I've now tried three times and each time I get "Peer Certificate is Invalid when I install the agent.

 

This is the first certificate I've created since I did the .365 upgrade from .265, but I don't know if that matters. Also, I notice on my previous certificates the product is shown as agent but with the new certificate it's Agent (capital A). Again, I don't know if that matters.

 

Please can someone assist, or advise what may be wrong? The Agent Live Installer downloads fine, the Agent installs fine, and it connects to the ERA okay.  But within a few seconds the comptuer in ERA goes red and I see this error message.

 

Many thanks

 

 

 

Jim

[jimwillsher 65]

Please disregard, I was just too quick! That error appears for 4-5 minutes if the connection is slow.

[michalp 20]

Agent itself tries to verify its peer certificate. If agent is not able to verify its own peer certificate, then error "Peer Certificate is Invalid" will be generated to status log (status.html) and if possible, sent to a server.

 

My guess is that Agent certificate (new one) was signed with different certification authority than server certificate was signed with. During deployment you have used new Agent certificate and original certification authority - this is correct way because original certification authority was enough for agent to verify server certificate and on the other hand, server was able to verify new agent certificate as it has all certification authorities in database.

 

After first connection was successfully established, all trusted certification authorities from server were replicated to agent and from that moment agent was able to verify its own peer certificate and clear the error.

[jimwillsher 65]

Yes that sounds like what happened :-)