Welcome to OCS Inventory NG community support, where you can ask questions and receive answers from other members of the community.

Please ask questions only in English or French.

Release 2.12.3 available

The official documentation can be found on https://wiki.ocsinventory-ng.org. Read it before asking your question.

Windows Agent Error - <Peer certificate cannot be authenticated with known CA certificates>

Installing OCS Windows Agent version 2.1rc1 across multiple Windows 2003-2K8 servers.  I am using ocspackager to create the installer including a self-signed SSL.  I use the same ocspackage across multiple sites, but some sites' servers are not showing up in inventory list.  Checking the logs I find the following error:

WARNING *** COM SERVER => Failed to send HTTP Post request <Peer certificate cannot be authenticated with known CA certificates>

I have read through the forum posts with similar errors and each point to the self-signed SSL, or potentially that the user configured ocspackage incorrectly.  I have tested the same ocspackge (w/ self-signed cacert.pem) across (2) different machines:  (1) Server 2003 which FAILS with peer certificate error; and a Win7 which works correctly.

I suspect the issue is maybe with the OS version or something relating to the cURL that gets installed instead of the self-signed cert, but I don't know where else to check.  Anyone else run into anything similar?  Again I can use the same ocspackage on some Win 2K3 servers and they report without issues.  Any help would be appreciated.

in OCS Inventory NG agent for Windows by (260 points)

1 Answer

0 votes
Hi,

2.1rc1 is development version which is not stable. 2.1.2 is the latest and stable version of OCS Inventory Agent. use this version instead of 2.1rc1.
by (90.2k points)
Upgraded Server to Linux OCS Server version 2.1.2 and Windows Agent to 2.1.1.1, same issue.  I don't think it's an issue with the version of agent since I have others running 2.1.rc1 that report without issue.    It looks like something with CURL possibly.  From the client ocsinventory.log I see:

 

COM SERVER => Enabling CURL SSL server validation support using CA Bundle <cacert.pem>

COM SERVER => Sending HTTP Post request to URL <https://<local_ip>:443/ocsinventory>

WARNING *** COM SERVER => Failed to send HTTP Post request <Peer certificate cannot be authenticated with known CA certificates>

ERROR *** AGENT => Failed to send Prolog <Peer certificate cannot be authenticated with known CA certificates>

I know this is an old post, but it is one of the few that has the same issue I am running into right now. We are getting the same error and are running 2.1rc1 and you said you had one working with that version of the server. We are using an official cert from a CA that uses an intermediate certificate (which is in the cacert.pem file on the client machine). The certificate is working fine in apache, but the agent is still throwing the same error as you posted above.

Did you ever figure out what was doing it?

Thanks!

 
Powered by Question2Answer
...