Philadelphia Security User Group

 View Only

  • 1.  OOBM Component 7.1 - Remote Configuration confusion

    Posted Apr 20, 2011 11:50 AM

    Hi folks,

    I'm having some problems configuring OOBM 7.1 for Remote Configuration. I generated a CSR and submitted it to Comodo, and subsequently received my external certificate and installed the certificate into the current user certificate store of my Application Identity Account. OOBM Component still shows that no certificate has been installed. I believe my screwup was that I created the certificate with the FQDN of provisionserver.millville.org.  While I do have a CNAME entry in DNS for provisionserver.millville.org, I suspect that I really should have used the actual FQDN of the site server as shown below, ITCCMVALT01.millville.org.

    Before I go out and request another certificate, can someone confirm that this is indeed where I went wrong? I find the documentation for OOBM Component to be very confusing as far as the whole certificate registration process (indeed, for most of the configuration of OOBM Component as well). And all the supporting docs on the Symantec support forums only serve to confuse me even further.

    Thanks in advance for your help,

     

    ,



  • 2.  RE: OOBM Component 7.1 - Remote Configuration confusion

    Posted Apr 27, 2011 10:27 AM

    Hello,

    Lets start with the following point checks, and please take a note that if you have Remote OOB Site Server then, this page will still show that "red" link even if a correct certificate installed on the Site Server:

     

    1. Check that certificate that will be used for provisioning contains the correct OID’s.
    2. Check that certificate that will be used for provisioning contains the CN (Name of your OOB Site Server).
    3. Check that certificate that will be used for provisioning exists in Personal store (Computer and User).
    4. Check that Root Certificate (OF the certificate that will be used for provisioning), exists in “Trusted Root Certificates” store (Computer).
    5. Check that Root Certificate thumbprint matches to one of “Provisioning” hashes. In case of COMODO (d1 eb 23 a4 6d 17 d6 8f d9 25 64 c2 f1 f1 60 17 64 d8 e3 49).

     

    Kind regards,



  • 3.  RE: OOBM Component 7.1 - Remote Configuration confusion

    Posted May 03, 2011 08:09 AM

    FYI - The problem was corrected by ordering Comodo's "Intel Pro Series" certificate versus their generic SSL certificate. I'm no certificate expert by any means and have no idea what the difference is, but apparently there is one. Also, I DID need to change the FQDN to servername.millville.org and not the generic "provisionserver.millville.org". Thanks