04-07-2020 11:57 AM - edited 04-07-2020 11:58 AM
Hello,
When execute the manual policy i have the next error code 7658.
: (7658) Connection cannot be established because the host validation cannot be performed on the target
Clien Properties: The vnetd proxy encountered an error
Certificate Management: Revoked - ldrpsoap - Unknow
Can you help me?
Regards
Solved! Go to Solution.
04-07-2020 01:57 PM
Is this a net new client in your environment? Like you haven't had another client with same IP/Name before?
You could blow away all the certs on the client and rebuild. Run these from the client.
nbcertcmd -listCACertdetails
Copy the SHA1 fingerprint for the next command.
nbcertcmd -removeCACertificate -fingerPrint
Paste the fingerprint.
nbcertcmd -deleteAllCertificates
nbcertcmd -getCACertificate -server <master>
Use the reissue token you created.
nbcertcmd -getCertificate -server <master> -token
04-07-2020 12:44 PM
Are you sure the certificate isn't revoked? From the client run <install path>/bin/nbcertcmd -getCRL
04-07-2020 01:10 PM
I use the command,
[e-rflores@ldrpsoaapp01 bin]$ sudo ./nbcertcmd -getCRL
Successfully refreshed certificate revocation list for lprvnetbkp01.
Successfully refreshed security level for lprvnetbkp01.
But the error continue.
Regards
04-07-2020 01:25 PM
right click the revoked cert and generate a reissue cert.
then run <install path>/bin/nbcertcmd -getcertificate -server <master> -token
Then paste the reissue cert, let me know if that resolves your problem.
04-07-2020 01:46 PM
Hello,
I use the command in the client
[e-rflores@ldrpsoaapp01 bin]$ sudo ./nbcertcmd -getcertificate -server lprvnetbkp01 -token
Authorization Token:
Host certificate and certificate revocation list already exist for master server [lprvnetbkp01]
But in the GUI master still revoked certificate and the error is the same.
Regards
04-07-2020 01:57 PM
Is this a net new client in your environment? Like you haven't had another client with same IP/Name before?
You could blow away all the certs on the client and rebuild. Run these from the client.
nbcertcmd -listCACertdetails
Copy the SHA1 fingerprint for the next command.
nbcertcmd -removeCACertificate -fingerPrint
Paste the fingerprint.
nbcertcmd -deleteAllCertificates
nbcertcmd -getCACertificate -server <master>
Use the reissue token you created.
nbcertcmd -getCertificate -server <master> -token
04-07-2020 02:18 PM
Krutons,
You are awesome, now the client connect correctly, thanks very much for your help.
Regards