What to do when ESM Server SSL certificate expires

Reply
Highlighted
L3 Networker

What to do when ESM Server SSL certificate expires

Hi All,

A strange scenario here. It appears my Traps endpoints are no longer connecting to the ESM server because the ESM SSL certificate was due to expire and had to be renewed. It seems renewing the SSL certificate has broken the trust relationship between endpoints and the ESM server. Some output from the endpoint below.

Question: What is the correct procedure to renew SSL certificates for ESM infrastructure without disrupting connectivity between endpoints and ESM

 

Cyvera.Client.Service.Heartbeat.ClosestServerFinder Communication "Failed getting status from server 'https://esm-console.<domain-name>.local:2125/'.

Cyvera.Common.ApiCommunication.Exceptions.ServerCommunicationException: The underlying connection was closed: An unexpected error occurred on a send.

System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.

System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host

 

 

L0 Member

Re: What to do when ESM Server SSL certificate expires

Hi.

 

I guess this article will help

 

https://live.paloaltonetworks.com/t5/Endpoint-Articles/Traps-on-the-Endpoint-Security-Manager-Loses-...

 

You have to bind the new certificate to the Traps communication port…

 

Markus

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!