This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

9.5.2: Change of certificate does not work (bug?)

Hi,

 

i tried to change a cert within 9.5.2 -

Proceeded this: https://community.sophos.com/kb/en-us/122559

1. Wizard, Import, Webconsole, detect certs, deleted old ones.

2. Restarted server, I get Error 2033 within SMC Control Agent (iOS)

3. Restarted Mobile Terminal, no change

4. like 1. I renerated self signed cert - and afters this I i imported (goto Number 1) - and after this replace with official cert.

All did not help - i reverted my snapsot an I hope you'll have a solution for me. I have 2 weeks to go with the old cert - perhaps someone other has tried to renew/replace the SSL Server cert with SMC 9.5.2 running on Windows Datacenter 2016.

 

Webbrowser opens console without error.



This thread was automatically locked due to age.
Parents Reply Children
  • Hi,

    what workaround is possible? what timeframe is planned for this hotfix?

  • Hi  

    According to current planning, this should be available in the course of the next week. However, I do not have any specific date for the version release. Once it is released we will be updating our forums. For testing purposes, Would it be possible to send a message to the affected device? The communication should work again after receiving the message. 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Support Videos | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

     

  • Hi Shweta, Hi Till

    I tested the "trick" with sending a message to an affected device. Unfortunately this didn't work. On the device, there pops up, that it received a message, but when the customer try to read this message, he gets again the "Error 2033".

     

    Kind regards!

    Chris

  • Hi Chris,

    thank you for the test - I can not test this because we are running on production and outages are monitored and charged to my account... I invested 2 tries to change the cert (see initial post and had no success - I support SMC starting Version 2.0 and have years of experience within mobile device management (not a newbe, started 1998 with Nokia Communicator my first mobile business)

  • Good Morning everybody!

     

    Any news about a solution? We still struggle with this problem and we wouldn't be pleased 'bout re-enroll all devices :P

     

    Today, I gonna do some testing again:

    . Switch back to the old certificate on to SM Server as well as on the Apache2 reverse proxy.

    . Enroll a device.

    . Upgrade to the new certificate on SM Server and Apache2 reverse proxy according to community.sophos.com/.../123984.

    . Check state of previously enrolled device

     

    Regards!

     

    Chris

  • Hi Sophos,

    please give us information regarding this bug - where is the old cert cached?

    1. in the Database?

    2. within the App-Server?

    3. other location

    I have only two weeks remaining to change the cert due to christmas holidays and we do not want to get into struggle during this time.

    We need a solution/more information. In former times there were also problems with certs and Sophos published no patch - only a „dirty hack“

    Sophos: please give us information to solve this.

  • Hi  

    I did discuss about the version release with our team, our team has been coordinating with Apple support and we are expecting the release this week. Apologies for the inconvenience. 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Support Videos | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

     

  • Hello,

    we have the same issue here. I'll updated our Let's encypt SSL cert and after the update I couldn't connect with an IOS Device. After switching back to the previous cert (valid till 12/08) it works

    again.

     

    I'll need a bugfix till the 08.th of december....

     

    Regards,

     

    J. Krause

     

     

  • Hi,

     

    time is running and we are getting a severe problem - this week is already finished - please provide information how to fix this issue manually. This could be like this:

     

    1. Please install SMC from scratch

    2. Import Database

    3. Use SQL script to delete old cert

     

    Sophos: we are waiting for you, it is mission critical! I opend a support ticket - very sad there is no support. I detected this bug which is a shop stopper when your cert will expire/revoced.

  • Hi  

    Please PM us your Case number which is currently open with the Sophos Support.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link