papillonf, posted March 20, 2015

Hi, when I configure an agent in an offsite location I receive a certificate error:

Error: CReplicationManager: Replication (network) connection to 'host: "XXX.XXX.XXX.XXX" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete
Error: VerifyDnsSubjectAltName: Hostname does not match any supported record in certificate SubjectAltName extension

I think I should add the public IP/FQDN to the server certificate. What would be the proper way to replace the server certificate without breaking everything?

Thank you

michalp (ESET Staff, Solution), posted March 23, 2015

Before changing anything, please export all certificates (both peer certificates and certification authorities) so you will be able to repair your installation if something goes wrong.

To create a new server certificate, just follow the wizard (Certificates -> Peer Certificates -> New), fill in all fields that are necessary, and sign this certificate with the certification authority that was created during installation.

To set the new certificate, please go to Server Settings -> Connection and select the newly signed certificate. Be careful to select the correct server certificate and set the correct password before hitting Save, as there is a bug that will not validate whether you have selected any certificate and entered the correct password.

After restart, the new certificate will be used by the server. As it was signed by the install-time certification authority, agents will trust it immediately.

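The SubjectAltName mismatch reported in this thread comes down to whether every address an agent dials is listed in the server certificate. As an added example (not part of the thread and not ESET's verification code), this Python check applies the usual strict matching rules to a list of SAN entries before the certificate is rolled out; the host names, addresses and function names are constructed for illustration.

```python
import ipaddress

def _dns_matches(pattern: str, host: str) -> bool:
    """Match one DNS SAN entry; '*' is honoured only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one label and needs two fixed labels after it.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def san_covers(san_entries, target: str) -> bool:
    """True if `target` (the host an agent dials) matches any SAN entry.

    san_entries: list of (kind, value) pairs, kind being 'DNS' or 'IP'.
    Assumption: strict matching, so an IP target is compared only against
    IP entries and a name only against DNS entries.
    """
    try:
        target_ip = ipaddress.ip_address(target)
    except ValueError:
        target_ip = None
    for kind, value in san_entries:
        if target_ip is not None:
            if kind == "IP" and ipaddress.ip_address(value) == target_ip:
                return True
        elif kind == "DNS" and _dns_matches(value, target):
            return True
    return False

def uncovered(san_entries, agent_targets):
    """Return the agent-facing addresses the certificate would be rejected for."""
    return [t for t in agent_targets if not san_covers(san_entries, t)]

# Constructed sample data: example names and documentation-range addresses.
OLD_SAN = [("DNS", "era-server.corp.example"), ("IP", "192.168.10.5")]
NEW_SAN = OLD_SAN + [("DNS", "era.example.com"), ("IP", "203.0.113.10")]
AGENT_TARGETS = ["era-server.corp.example", "192.168.10.5",
                 "era.example.com", "203.0.113.10"]

if __name__ == "__main__":
    print("old certificate misses:", uncovered(OLD_SAN, AGENT_TARGETS))
    print("new certificate misses:", uncovered(NEW_SAN, AGENT_TARGETS))
```
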
papillonf (Author), posted March 23, 2015

OK, I have managed to connect the remote peer with the new certificate.

But the name is the router's name in lost and found. I can rename it, but if I have multiple installations running it might get painful.

Why is the name not the actual computer name?

Thank you

michalp (ESET Staff), posted March 26, 2015

During the first Agent connection only the remote IP address is available, and it is translated (if possible) to a computer name. This of course will not work in your scenario. There are requests to change this behaviour and it will eventually be changed in the future, as it is already tracked as an issue.

The only option right now is to rename them manually (or to craft some SQL update that will do that directly in the DB, but be careful).