
This issue may occur in one of the following checkpoints:

The issue occurs at the "Web Host certificate (pb_WebServer)" checkpoint.

Possible cause

  • The Web Host certificate does not exist, its name is inconsistent with the Master_DomainName in ofcscan.ini, or the certificate exists in the certificate store "Untrusted Certificates".

Recommended practices

  1. The Web Host certificate should be located in the certificate store Personal or Web Hosting.

  2. The name of this certificate can be an IP address, a hostname, or an FQDN. It should be the same as 'Master_DomainName' in ofcscan.ini for Apex One server on-premise before version 1141.

    If not, do either of the following:

    • Sign a new certificate whose name is the same as "Master_DomainName" in ofcscan.ini and bind it in IIS. Refer to the KB article: Renewing the IIS SSL certificate of OfficeScan (OSCE).
    • Change the "Server name or IP address" in "Agent Connection Settings" to match the name of the Web Host certificate.

      Make sure the IP address or hostname is the same as the common name of the Web Host certificate.
       
  3. If the certificate exists in the certificate store Untrusted Certificates (with the same thumbprint as the Web Host certificate in the Personal or Web Hosting store), export and back up the certificate, then delete it from Untrusted Certificates.

Possible reason

  • The Web Host certificate has expired.

Recommended practices

 
Manually restart the master service to make sure the newly generated certificate is imported into the "Trusted People" store.
 

Possible cause

The public certificate of the Web Host certificate does not exist, or its thumbprint is not the same as the private certificate's.

To resolve the issue:

  1. Export the Web host certificate without the private key.

  2. Import the public key into [Certificate Store]\Trusted People\Certificates\

  3. Starting from Apex One 2019, new modules in Apex One Security Agent will authenticate whether the communication peer is a valid Apex One server.

    Rename the public key (.cer) to "OfcIPCer.dat" and then copy it to {Apex One Server Installation}\PCCSRV\Pccnt\Common\ and overwrite the existing file. This managed key will be deployed to the managed Apex One Security Agents.

    For example:
    Copy <server_public_key>.cer to {Apex One Server Installation}\PCCSRV\Pccnt\Common\OfcIPCer.dat
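
The conditions listed under the causes above (name match, store location, expiry, a copy in Untrusted Certificates, a matching public certificate in Trusted People, and the deployed OfcIPCer.dat) can be checked read-only from PowerShell on the server. This is an added example, not Trend Micro tooling; the parameter names are this example's own, and it assumes ofcscan.ini stores the value as a `Master_DomainName=<name>` line.

```powershell
# Added example: read-only checks for the causes listed above. Nothing is modified.
# Assumptions: ofcscan.ini contains a "Master_DomainName=<name>" line; both paths
# are supplied by the operator (parameter names are this example's own).
param(
    [Parameter(Mandatory = $true)][string]$IniPath,   # full path to ofcscan.ini
    [string]$OfcIPCerPath                             # optional: ...\PCCSRV\Pccnt\Common\OfcIPCer.dat
)

$match = Select-String -Path $IniPath -Pattern '^\s*Master_DomainName\s*=\s*(.+?)\s*$' |
    Select-Object -First 1
if (-not $match) { throw "Master_DomainName not found in $IniPath" }
$name = $match.Matches[0].Groups[1].Value

function Get-StoreCert([string]$Store) {
    Get-ChildItem -Path "Cert:\LocalMachine\$Store" -ErrorAction SilentlyContinue
}
$simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

# Store names: Personal = My, Web Hosting = WebHosting,
# Untrusted Certificates = Disallowed, Trusted People = TrustedPeople.
$hostCerts = @('My', 'WebHosting' | ForEach-Object { Get-StoreCert $_ } |
    Where-Object { $_.GetNameInfo($simpleName, $false) -eq $name })
$untrusted = @(Get-StoreCert 'Disallowed'    | ForEach-Object { $_.Thumbprint })
$trusted   = @(Get-StoreCert 'TrustedPeople' | ForEach-Object { $_.Thumbprint })

# Thumbprint of the certificate file deployed to agents, if a path was given.
$agentThumb = $null
if ($OfcIPCerPath) {
    $full = (Resolve-Path -LiteralPath $OfcIPCerPath).Path
    $agentThumb = (New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $full).Thumbprint
}

if ($hostCerts.Count -eq 0) {
    Write-Warning "No certificate named '$name' in Personal or Web Hosting."
}
foreach ($c in $hostCerts) {
    [pscustomobject]@{
        Store           = ($c.PSParentPath -split '\\')[-1]
        Subject         = $c.Subject
        Thumbprint      = $c.Thumbprint
        NotAfter        = $c.NotAfter
        Expired         = $c.NotAfter -lt (Get-Date)
        InUntrusted     = $untrusted -contains $c.Thumbprint
        InTrustedPeople = $trusted -contains $c.Thumbprint
        OfcIPCerMatches = if ($agentThumb) { $agentThumb -eq $c.Thumbprint } else { $null }
    }
}
```

A row with Expired or InUntrusted set to True, or InTrustedPeople or OfcIPCerMatches set to False, points to the corresponding cause and resolution step above.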

Additional information