I’m having all kinds of cert problems on our test ICG. Our test client device is giving me an error of failing to get ICG certificate. The remote installation of the ICG was simple. We don’t have to install our wildcard cert on the client device do we?
can you describe a bit how you setup the ICG? I mean especially how you created the keystore.
We have a wildcard cert for our cherryhealthonline.net cherryhealthonline.net samespace. My systems team leader converted it from a .crt file to a .pem file. Then, followed all the steps laid out in the KB article: kb.igel.com/igelicg-2.01/installing-the-igel-cloud-gateway-20705738.html
Deployment is smooth. Then, when trying to configure a client locally, it gives a failed to get certificate error
is the ICG adress you enter in the wizard, the same you entered inside the Keystore creation?
Yes, as far as I see. The only real difference in our environment and the KB to my knowledge is we do not have an intermediate cert. But, my knowledge on certificate management is pretty shallow.
I’m thinking my manager may have converted the wrong key. Exploring further
Actually, it looks like it may be expired.
If you want to check the general function, you could add the public IP to your certkeystore and reinstall the ICG with one. If the IP works then (you will have to forward a part of the Fingerprint), you can sort other issues out.
Oh ok! Fair point! In addition, please check the time of endpoint / ICG / UMS. They should be in sync.
Well, figured out the cert error. Turns out my manager accidentally screwed up the NAT. Newest issue is getting the UMS Agent to register the device. Now, this UD Pocket had previously been licensed when on an internal network. Will that affect UMS behavior when trying to get registered from the outside? I’ve deleted the ‘hardware’ from the original license (We do primarily automatic deployment) and reset the firmware on the device. It’s getting connected to the ICG, but not registering in UMS. Is there some setting in the UMS Administration that I may be missing?
About the only thing that is different from the KB articles is the “UMS Structure Tag” field. I’m not seeing that in any of the KB articles
Created a structure tag in default default directory rules and tried that. Still failed.
Continue reading and comment on the thread ‘Having cert problems on our test IGEL ICG – test client device is giving me an error of failing to get ICG certificate’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?
Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.Submit a question, or Join Today!