SSL Cert question
I am having an issue with my K1000 cert and wanted to see if someone can point me somewhere.
My SSL cert was about to expire and I decided, instead of renewing it, to just change it and use my wildcard cert, which support said should not be a problem. I inserted the wild cert but now I have almost 600 machines with an active AMP connection but not reporting inventory. Also, when I access the K1000 web address from the Android Chrome browser I get "connection is not private", though every other browser (IE, Chrome, Safari) shows the cert is good and green. I ran an SSL checker on the site and all passed, though I got an intermediate cert error and I am not using an intermediate since this is Digicert. Support is telling me this is a cert issue though it's not. I have this cert on many servers with no issue.
Thank you.
Answers (2)
Posted by:
Nico_K
8 years ago
Since the AMP Connection is still online I assume you did not change the host name.
Use one machine and go to c:\program files (x86)\dell\kace
Run runkbot 1 0 and check the log for error messages which help you to diagnose the issue.
The script 1 is a bootstrap
Comments:
-
Yes I have amp connection and the url has not changed the only thing really different is the wildcard cert is "*.company.com" instead of "Helpdesk.company.com".
I ran the runkbot 1 0 I see there is an ssl error in the log "'error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure' Error Code (35:SSL connect error), url: https://helpdesk.company.com/service/kbot_service_notsoap.php?"
The signing authority is on the trusted root as well. If I install a new agent manually the issue gets resolved. This is happening to 600 out of 2K machines and I cannot manually reinstall over 600 agents, I cannot use MI or script, though the machines have amp they are not running any scripts. - bozadmin 8 years ago
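Added example (not part of the original thread and not KACE code): the OpenSSL error quoted from the runkbot log above packs a library, function and reason number into its hex code, and decoding it shows whether the failure was raised locally or arrived as a TLS alert from the server. It assumes the pre-3.0 OpenSSL error packing that an 8-digit code such as 14094410 uses; the second log line and the name `decode_ssl_error` are constructed for illustration.

```python
import re

# TLS alert descriptions (RFC 5246 section 7.2), subset seen during handshakes.
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate",
              45: "certificate_expired", 46: "certificate_unknown",
              48: "unknown_ca", 70: "protocol_version",
              71: "insufficient_security", 112: "unrecognized_name"}
ERR_LIB_SSL = 0x14           # OpenSSL library number for libssl
SSL_AD_REASON_OFFSET = 1000  # OpenSSL: reason = 1000 + number of a received alert

# Log line quoted in the comment above.
PAGE_LINE = ("'error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake "
             "failure' Error Code (35:SSL connect error), url: "
             "https://helpdesk.company.com/service/kbot_service_notsoap.php?")
# Constructed sample in the same shape: a local certificate verification failure.
CONSTRUCTED_LINE = ("'error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:"
                    "certificate verify failed' Error Code (60:constructed sample)")

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):[^:]+:([^:]+):([^'\"]+)")
CURL_RE = re.compile(r"Error Code \((\d+):")

def decode_ssl_error(line):
    """Decode an OpenSSL error string found in a log line, or return None."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    # Pre-3.0 packing: 8 bits library, 12 bits function, 12 bits reason.
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    curl = CURL_RE.search(line)
    out = {"lib": lib, "func": func, "reason": reason,
           "function": m.group(2), "text": m.group(3).strip(),
           "curl_code": int(curl.group(1)) if curl else None,
           "origin": "local", "alert": None}
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        # Reasons above 1000 record a fatal alert received from the peer.
        number = reason - SSL_AD_REASON_OFFSET
        out["origin"] = "peer"
        out["alert"] = TLS_ALERTS.get(number, "alert_%d" % number)
    return out

if __name__ == "__main__":
    for sample in (PAGE_LINE, CONSTRUCTED_LINE):
        d = decode_ssl_error(sample)
        print(d["function"], d["reason"], d["origin"], d["alert"], d["curl_code"])
```

For the line from the thread this reports a `handshake_failure` alert that originated at the peer, which RFC 5246 defines as the sender being unable to negotiate an acceptable set of security parameters. The constructed line decodes as a local verification failure instead.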
Posted by:
SMal.tmcc
8 years ago
Have you tried running a domain login script to call amptools to clear cache and reset to see if that fixes the problem?
AMPTools: Utility functions for AMPAgent
Usage:
  AMPTools [help | -h | -? | /?]
      This help text
  AMPTools get <config>
      Read configuration option from amp.conf. Configuration options are:
        host: Server hostname.
        debug: (true|false) Debug logging.
  AMPTools [set] [-n] <config>=<value> ...
      Set values in amp.conf. 'set' is optional. See 'get' for options.
      By default, restarts AMPAgent. -n prevents this.
      Known keys are host and debug.
      Changing host clears host-dependent config.
  AMPTools clearcache
      Clear AMP caches
  AMPTools killtasks [-f] [-w]
      Kill any running AMP subprocesses. With -f, force-kill them.
      With -w kill everything except watchdog.
  AMPTools shutdown [-f] [-r]
      Shutdown system. With -f, immediately without prompting user.
      With -r, reboot.
  AMPTools resetconf [-n] [<config>=<value> ...]
      Set amp.conf to defaults, optionally setting values (see 'get').
      By default, restarts AMPAgent. -n prevents this.
  AMPTools restart [-w]
      Stop and start agent. With -w everything except watchdog
  AMPTools delayed-restart
      Stop and start the agent, but delay for 20 seconds, this is used by RESETAGENT to allow time to send message back to K1
  AMPTools start [-w]
      Start agent if stopped. With -w everything except watchdog
  AMPTools stop [-w]
      Stop agent if started. -w everything except watchdog
  AMPTools uninstall [all|all-kuid]
      Uninstall agent. Leaves configuration and KUID.
        all: Also delete configuration, but not KUID.
        all-kuid: Delete everything, including KUID.
Comments:
-
I tried running it locally on 1 machine....clear cache, resetconf with the host though the host has not changed and no luck. - bozadmin 8 years ago
On the client systems, ensure that the signing authority used to create the certificate exists as a trusted root on their client machines. When you open the certificate manager (certmgr.msc on Windows), do you see that authority listed under "Trusted Root Certification Authorities\Certificates"? - Ericenri 8 years ago