Cloud Enabled Management Agents can't connect to the Notification Server after changing the Gateway certificate


Article ID: 217441

Products

Client Management Suite

Issue/Introduction

Cloud Enabled Management Agents cannot Update Configuration or receive tasks after changing the certificate of the Gateway.

Error in the agent logs:

Operation 'CEM: Connect' failed. 
Protocol: HTTPS 
Original host: NS SERVER:443
Real host: GateWay:443
Path: / 
Connection id: 21.9564 
Communication profile id: {3D7F459F-E0D2-499F-BA54-147F9BF7894F} 
Throttling: 0 0 0 
Error type: TLS Handshake error 
Error code: The certificate chain was issued by an authority that is not trusted (0x80090325) 
Error note: 'Gateway' server's certificate is not valid, thumbprint mismatch 
Gateway HTTPS connection info: 
   Server certificate: 
      Serial number: 58 4c 07 76 00 00 00 00 
      Thumbprint: bd a8 cf 74 df d0 ce b5 95 b2 b7 c0 87 17 68 43 26 09 c0 db 
   Cryptographic protocol: TLS 1.2 
   Cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
   Cipher algorithm: AES 
   Cipher key length: 256 
   Hash algorithm:  
   Hash length: 0 
   Key exchange algorithm: ECDH 
   Key length: 256

Other error on the agent:

The certificate chain was issued by an authority that is not trusted.

Environment

8.x

Cause

The new certificate installed on the Gateway is not self-signed. When we checked this certificate, we found that its private key had not been imported to the Gateway.

Resolution

In the Gateway manager, on the General tab, click the certificate and make sure that the private key is imported.

If the private key doesn't exist, reimport the certificate and make sure that the private key is imported with it.

Install the certificate in the trusted root store of the Local Computer.
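
Before reimporting, the certificate file can be checked for the two conditions above: that it carries a private key and that its chain is trusted by the Local Computer stores. The following is an added example, not part of the original article or vendor code; the function name Test-GatewayPfx, the PFX path, and comparing against the thumbprint from the agent log are assumptions made for illustration.

```powershell
# Added example (not vendor code). Function name and file path are hypothetical.
function Test-GatewayPfx {
    param(
        [Parameter(Mandatory)][string]$PfxPath,        # export you intend to import on the Gateway
        [Parameter(Mandatory)][securestring]$Password,
        [string]$LogThumbprint                         # thumbprint as printed in the agent log
    )
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($PfxPath, $Password)
    try {
        # $true = build the chain against machine-wide (Local Computer) stores only.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # trust check only, no CRL/OCSP lookup
        $trusted = $chain.Build($cert)
        $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

        # The agent log prints "bd a8 cf ..."; .NET reports "BDA8CF...". Normalise before comparing.
        $expected = ($LogThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            SelfSigned    = ($cert.Subject -eq $cert.Issuer)
            HasPrivateKey = $cert.HasPrivateKey      # False: file holds the public certificate only
            ChainTrusted  = $trusted                 # False: issuer missing from Local Computer trust
            ChainStatus   = $status                  # e.g. UntrustedRoot, PartialChain
            MatchesLog    = if ($expected) { $cert.Thumbprint -eq $expected } else { $null }
        }
    }
    finally {
        if ($chain) { $chain.Reset() }
        $cert.Reset()                                # release the temporary key material
    }
}

# Usage (constructed path; thumbprint taken from the agent log above):
# Test-GatewayPfx -PfxPath 'C:\temp\gateway.pfx' `
#     -Password (Read-Host -AsSecureString 'PFX password') `
#     -LogThumbprint 'bd a8 cf 74 df d0 ce b5 95 b2 b7 c0 87 17 68 43 26 09 c0 db'
```

HasPrivateKey = False means the file cannot supply the key the Gateway needs; ChainTrusted = False with a status of UntrustedRoot corresponds to the 0x80090325 error shown in the agent log.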