Backup over Internet fails if Edge Server is configured with default self-signed SSL certificate that has expired.
Article ID: 100032790
Updated On:
Resolution
Below steps can be taken depending on what type of SSL Certificates are present:
The following section provide steps to push self-signed SSL certificate to extend the certificate expiry.
Prerequisite
Pushing the certificate from DLO Administration Console will bind the certificate to the Edge Server URL. A DNS entry must be added, mapping the certificate name (dlo.veritas.com) with Edge Server IP address. In case of less number of clients, DNS mapping can be achieved by adding the host entry in the host file of the below machines:
To push the certificate:
1. In the Installer package, extract the self-signed certificate from the Edgeserver1.cab file.
2. In the search field, search *server. The server.crt and server.key files are displayed.
3. Copy server.crt and server.key in the desired location on the server machine.
4. In the Modify Edge Server window, browse for the certificate.
Note: The server.crt and server.key files should be present in the same folder during push certificate.
5. Click Push Certificate. Once the certificate is pushed successfully, the following message appears:
6. After the successful push, navigate to the default certificate location and verify that the certificate has been updated:
\Program Files\Apache Software Foundation\Apache24\Conf\SSL
Also the certificate is updated in the certificates folder in DLO Desktop Agent and its zipped folder.
Once the DLO Server is updated with the new certificate, the DLO Desktop Agent will also get updated with new certificate, provided:
- The new self-signed SSL certificate that comes with the DLO upgrade, should be pushed to the Edge Server.
-OR-
- If a SSL certificate issued by a trusted Certificate Authority is available, then push this certificate to the Edge Server.
The following section provide steps to push self-signed SSL certificate to extend the certificate expiry.
Prerequisite
Pushing the certificate from DLO Administration Console will bind the certificate to the Edge Server URL. A DNS entry must be added, mapping the certificate name (dlo.veritas.com) with Edge Server IP address. In case of less number of clients, DNS mapping can be achieved by adding the host entry in the host file of the below machines:
- Edge Server machine
- Administration Service machine
- All the DLO Desktop Agent machines
To push the certificate:
1. In the Installer package, extract the self-signed certificate from the Edgeserver1.cab file.
2. In the search field, search *server. The server.crt and server.key files are displayed.
3. Copy server.crt and server.key in the desired location on the server machine.
4. In the Modify Edge Server window, browse for the certificate.
Note: The server.crt and server.key files should be present in the same folder during push certificate.
5. Click Push Certificate. Once the certificate is pushed successfully, the following message appears:
6. After the successful push, navigate to the default certificate location and verify that the certificate has been updated:
Also the certificate is updated in the certificates folder in DLO Desktop Agent and its zipped folder.
Once the DLO Server is updated with the new certificate, the DLO Desktop Agent will also get updated with new certificate, provided:
- The Desktop Agents are working online in non-BOI mode.
- If the Desktop Agents are working outside the corporate network, then the Server Certificate must be downloaded from Web Restore. This will download both .ini and .pem files. These files must be replaced in the Desktop Agent install directory for the Desktop Agents to continue working online in BOI mode.
Issue/Introduction
When DLO Server is upgraded, the default SSL certificate is not updated for Edge Server. If the Edge Server is configured with this default self-signed certificate and the certificate has expired, then Backup over Internet fails.
Was this article helpful?
Yes
No
Powered by
