Environment
Symptoms
- When creating a trusted directory and entering the "Computer" field, you receive "No results found" in the search.
Cause
The certificate in IIS is expired, has the incorrect CN and the certificate on Trusted Root Certification Authority has incorrect information, or the server certificate has been updated and the IIS certificate was not.
Resolution
- In the Cb Protection console, navigate to System Configuration (gear icon in 8.x) > Security Tab. Make note of the certificate (Common Name and Expiration date) information shown.
- On the Cb Protection server, go to Start > Run > type “mmc” > click OK.
- In the Microsoft Management Console (mmc) window, go to the File menu > click on “Add/Remove Snap-in”
- Select “Certificates” > click the “Add” button
- Select “Computer account” > click “Next” > select “Local computer” > click “Finish” > then, click “OK”
- Click the plus sign on “Certificates” to expand it
- Click the plus sign on “Trusted People” to expand it > select “Certificates”
- On the right-pane, there should be a certificate for the Cb Protection console > double-click to open the properties
- On the General tab, note the expiration date to make sure that it matches what is shown on the Cb Protection console (see step #2 above)
- On the Details tab, select Subject and note the information displayed to make sure that it matches what is shown on the Cb Protection console (see step #2 above)
- Once verified that the certificate it valid, highlight the Certificate and Right Click > All Tasks > Export.
- Export the certificate (Export the private key, provide a Password and select a location for the exported certificate).
- On the navigation tree on the left-pane, click on the plus sign for “Trusted Root Certification Authorities” to expand it > select “Certificates”
- Repeat steps 8a and 8b. If the certificate in “Trusted Root Certification Authorities” is incorrect, delete it and import the one from “Trusted People” to “Trusted Root Certification Authorities”
- Close the Microsoft Management Console (mmc) window
- Open IIS Manager
- On the IIS Manager navigation tree on the left-pane, select the server name
- On the right-pane, double click on Server Certificates
- Delete the old Cb Protection certificate
- Under the “Actions”, click on “Import” and select the exported Certificate file from step 10 and provide the password
- On the IIS Manager navigation tree on the left-pane, expand “Sites” and select “Parity Console Web”
- On the “Action”, select “Bindings…” > click on https 443 and click Edit
- On the “SSL certificate” drop-down, select the new certificate you imported in step# 19) > click OK
- On the IIS Manager window, click Restart or run the “iisreset” on the command prompt (you need to be an administrator to do this)
- Restart the Cb Protection Server service. (May be called Parity Server service in older versions)
Additional Notes
N/A
Related Content
Cb Protection: Agent upgrade- failed to download upgrade package error: 12175
Cb Protection: Yara Rules out of Date - WinHttpSendRequest Error[12175:]