Troubleshooting Tip: Persistent Agent attempts to authenticate the wrong SSL certificate
| Description | Persistent Agent logs from the host show a certificate Serial Number that matches the certificate of a Certificate Target other than the Persistent Agent (for example, Local RADIUS Server). This can prevent the agent from authenticating the certificate.
Persistent Agent host log example:
Certificate: <xx:xx:xx:xx:xx:...> <----- Serial Number of certificate
For instructions on collecting the agent logs from the host, refer to the related KB articles below.
|
| Scope | |
| Solution | 1) Verify that the TLS Service Configurations are correct. TLS Service Configurations define the certificate, TLS protocols, and ciphers used for secure communication (e.g. Agent, Local RADIUS EAP).
Version 8.x: Navigate to System -> Settings -> Persistent Agent -> Transport Configuration.
2) Under TLS Service Configurations, ensure one of the services listed references the agent Certificate Alias.
If this service is not listed, add it.
Example:
Name: Default TCP
TLS Protocols: TLSv1.2
Certificate Alias: agent
3) Once added, create a Packet Transport Configuration referencing the newly added TLS Service Configuration.
Example:
Name: Agent Transport
Bind Address: (Leave blank)
Port: 4568
TLS Configuration: Select Default TCP from the drop-down list
Transport: TCP
Max Queue Size, Read Idle Timeout & Write Idle Timeout: Leave at default values
For details on this view, see Transport Configurations in the Administration Guide.
Contact Support for assistance.
|
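To confirm the fix, compare the Serial Number from the Persistent Agent host log with the serial of the certificate actually presented on the agent port. The script below is an added example, not part of the original article or the product. It assumes `openssl` is installed on a host that can reach the server and that the agent transport listens on port 4568 as in the example above. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: check whether the serial seen in the Persistent Agent log
# belongs to the certificate the server presents on the agent port.

# Reduce a serial to bare uppercase hex so that the colon-separated form in
# the agent log and openssl's "serial=..." form compare equal.
normalize_serial() {
    printf '%s' "$1" | sed -e 's/^[Ss]erial=//' | tr -d ': \t\r\n' \
        | tr 'a-f' 'A-F' | sed -e 's/^0*//'
}

# Print the serial of the leaf certificate presented at host ($1), port ($2).
served_serial() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null \
        | openssl x509 -noout -serial
}

# Return 0 when both serials identify the same certificate.
same_serial() {
    [ "$(normalize_serial "$1")" = "$(normalize_serial "$2")" ]
}

# Usage: sh check_agent_cert.sh <server> <serial-from-agent-log> [port]
if [ "$#" -ge 2 ]; then
    port="${3:-4568}"   # 4568 is the port from the article's example
    served="$(served_serial "$1" "$port")"
    if [ -z "$served" ]; then
        echo "No certificate received from $1:$port" >&2
        exit 2
    fi
    if same_serial "$2" "$served"; then
        echo "MATCH: log serial is the certificate served on $1:$port"
    else
        echo "MISMATCH: $1:$port serves $served, log shows $2"
        exit 1
    fi
fi
```

A MISMATCH after the transport change means the listener on that port is presenting a different certificate than the one the agent logged. Compare the served serial with the certificate stored under the agent Certificate Alias to see which side is wrong.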