hey folks, does anyone know where to delete the certificates that cause ‘invalid certificate’ when trying to import an IGEL into UMS? I have remote SSH access to the device, but all the guides I can find say to do a factory reset which I’m trying to avoid.
Hey Chris,
/wfs/server.crt
usually.
thanks again mate
Here is a doc:
github.com/IGEL-Community/IGEL-Docs/blob/main/Docs/HOWTO-Remove-IGEL-Device-License.md
Just reset the device to factory defaults
so this has now become a bit odd. deleted the cert file, rebooted the IGEL, it then imported into UMS fine, but i was unable to push any profiles to it or perform any actions with it due to an invalid certificate error. i arranged for someone onsite to perform a local factory reset which they’ve done. i can again import the device into UMS with no issue (and can see it’s definitely been reset as it’s lost the hostname that had been set on it), but once again i’m unable to perform any actions on it due to ERROR: Certificate Invalid.
a UMS>Device fails instantly. i’ve closed/opened UMS console with no improvement
That usually points into that direction that there is a UMS onsite that takes the device over. Could you check locally, in Igel Setup, under Setup>RemoteManagement which IP is there?
i’ll ask someone on site to check, ta. there should be no other UMS though, we built the whole customer system and this is the only UMS server that was every built. I got them to verify the device can resolve igelrmserver to the correct IP too
Then, just in case… Is there a Firewall which does SSL Splitting and / or Inspection?
not between the igel and ums, nope π
is odd, got 200+ otyher uniys working fine
on-site team have just confirmed the IP in that RemoteManagement field is the correct one for the UMS server.
Which Firmware / UMS Version? Is there an AV on UMS Server, if yes, could you disable it and retry?
FW is 10.06.130.01, UMS is 6.05.100. AV.firewall is only built in windows defender/firewall
Hem… Thatβs weird… Hem… Even if it shouldnβt play a bigger role in that context: is the time correctly set on the endpoint?
If you open a local terminal, and do a
ping igelrmserver
which IP comes up (if there is one)?
yep, and ping and nslookup return the correct IP, i got them to check that before i asked for a factory reset as that was my first thought too. i’ll get them to check the clock, be funny if timesync was the issue π
all the points to you sir
time and timezone all correct and date looked fine… except it was set to 2049 π
π
very much appreciated!
Did it worked though after setting the right Year ?
yep, instantly fine and sprang to life
profiles pushed out to it and it’s back in use π
i have advised customer to change the BIOS battery while it’s in their office (these are coverted PCs, not UD hardware)
PERFECT!! Glad to help
Set an NTP server and timezone π
Or buy a Delorean everytime you want to register a device @member π
Oh yes β A must for converting old hardware (assume BIOS battery is dead) β So make sure all devices have NTP server and timezone set!
Continue reading and comment on the thread ‘Where to delete the certificates that cause ‘invalid certificate’ when trying to import an IGEL into UMS? ‘. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?
Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.Submit a question, or Join Today!