search cancel

SCSP 5.2.x upgrade to DCS 6.0.0 MP1 and newer managers and now my agents do not connect.


Article ID: 161876


Updated On:


Critical System Protection Data Center Security Server Critical System Protection Client Edition Data Center Security Server Advanced


   In DCS 6.0.0 MP1 we changed Java version and it broke the older MD5 certs.

   Here is how to verify what version of the cert you are using. Run openssl.exe on an agent, then check the bolded portion of the text below in the output if it says md5 it will not work. If it says SHA it is not this issue.

OpenSSL>   x509 -text -in "E:\Installers\Prod certs\woe\agent-cert.ssl"


        Version: 1 (0x0)
        Serial Number: 1239025543 (0x49da0787)
    Signature Algorithm: md5WithRSAEncryption
        Issuer: OU=UUSMNW0E, CN=SCSP_Management_Server
            Not Before: Apr  6 13:45:43 2009 GMT
            Not After : Apr  4 13:45:43 2019 GMT
        Subject: OU=UUSMNW0E, CN=SCSP_Management_Server
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)

   Could not connect to server: CURLE_SSL_CONNECT_ERROR. Your target port may be pointing to an IIS Server ant the SDCSS Mgmt Server.


Java version was changed, requiring a need to handle the certs differently. 


   This is resolved in DCS 6.0.0 HF2 build 621 and newer (including 6.5 and above)