
Agent Offsite Certificate Error


papillonf

Solved by michalp

Hi,

When I configure an agent in an offsite location I receive a certificate error:

 

Error: CReplicationManager: Replication (network) connection to 'host: "XXX.XXX.XXX.XXX" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete

 

Error: VerifyDnsSubjectAltName: Hostname does not match any supported record in certificate SubjectAltName extension

 

 

I think I should add the public IP/FQDN to the server certificate. What would be the proper way to replace the server certificate without breaking everything...

Thank you

  • ESET Staff
  • Solution

Before changing anything, please export all certificates (both peer certificates and certification authorities) so you will be able to repair your installation if something goes wrong.

 

To create a new server certificate, just follow the wizard (Certificates -> Peer Certificates -> New), fill in all fields that are necessary, and sign this certificate with the certification authority that was created during installation. To set the new certificate, please go to Server Settings -> Connection and select the newly signed certificate. Be careful and select the correct server certificate and set the correct password before hitting Save, as there is a bug that will not validate whether you have selected any certificate and entered the correct password. After a restart, the new certificate will be used by the server. As it was signed by the install-time certification authority, agents will trust it immediately.

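The handshake error in the question is a name check against the certificate's SubjectAltName. As an added example (not part of the original posts and not ESET's code), the Python below applies the strict matching commonly used by TLS clients to SAN entries in the shape returned by `ssl.SSLSocket.getpeercert()`, so every address an agent will dial can be checked against a new certificate before it is selected. All hostnames and IPs are constructed, and the product's own matching rules are an assumption.

```python
import ipaddress

def _as_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def san_covers(san, target):
    """san: (type, value) pairs, e.g. getpeercert()['subjectAltName']."""
    ip = _as_ip(target)
    for kind, value in san:
        if ip is not None:
            # An IP target matches only 'IP Address' entries, never a DNS entry.
            if kind == "IP Address" and _as_ip(value) == ip:
                return True
        elif kind == "DNS" and _dns_match(value, target):
            return True
    return False

def uncovered_targets(san, targets):
    """Addresses agents connect to that the certificate does not cover."""
    return [t for t in targets if not san_covers(san, t)]

# Constructed sample data: internal-only certificate vs. one reissued with
# the public FQDN and public IP added (values are placeholders).
OLD_SAN = (("DNS", "mgmt-server.corp.example"), ("IP Address", "192.168.1.10"))
NEW_SAN = OLD_SAN + (("DNS", "mgmt.example.com"), ("IP Address", "203.0.113.25"))
AGENT_TARGETS = ["mgmt-server.corp.example", "mgmt.example.com", "203.0.113.25"]

if __name__ == "__main__":
    print("old certificate misses:", uncovered_targets(OLD_SAN, AGENT_TARGETS))
    print("new certificate misses:", uncovered_targets(NEW_SAN, AGENT_TARGETS))
```
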

OK, I have managed to connect the remote peer with the new certificate.

But the name is the router's name in lost and found. I can rename it, but if I have multiple installations running it might get painful.

 

Why is the name not the actual computer name?

 

Thank you


  • ESET Staff

During the first Agent connection only the remote IP address is available, and it is translated (if possible) to a computer name. This of course will not work in your scenario.

There are requests to change this behaviour and it will eventually be changed in the future, as it is already tracked as an issue. The only option right now is to rename them manually (or to craft some SQL update that will do that directly in the DB, but be careful).
