Views: 
@ofcdebug.log

019 12/10 16:06:10 [20d4 : 1a04] (00) (E) [][tmlisten.exe]VerifyServerCert - Failed to verify the SSL certificate - [olh_winhttpclient.cpp(857)]
2019 12/10 16:06:10 [20d4 : 1a04] (00) (D) [][tmlisten.exe]VerifyServerCert - << 0 - [olh_winhttpclient.cpp(864)]
2019 12/10 16:06:10 [20d4 : 1a04] (00) (E) [][tmlisten.exe]winHttpStatusCallback - Close connection due to certificate verification failure - [olh_winhttpclient.cpp(78)]
2019 12/10 16:06:10 [20d4 : 1a04] (00) (D) [][tmlisten.exe]SendInHTTPSWithWinHttp - Failed at sending a request, verb: [POST] err : [12017] - [olh_winhttpclient.cpp(470)]
2019 12/10 16:06:10 [20d4 : 1a04] (00) (D) [][tmlisten.exe]SendInHTTPSWithWinHttp - <<< - [olh_winhttpclient.cpp(770)]
2019 12/10 16:06:10 [20d4 : 1a04] (00) (D) [][tmlisten.exe]TmPost - Post:Verb: Result status=-27 - [olh_loadhttp.cpp(1207)]
2019 12/10 16:06:10 [20d4 : 1a04] (00) (D) [-S-][tmlisten.exe][tmSendLogToHttpServerLwithCallBack] After Post or Get nError = -27 - [cnttmsoc_tmsock.cpp(4196)]
2019 12/10 16:06:10 [20d4 : 1a04] (00) (I) [-S-][tmlisten.exe][tmSendLogToHttpServerLwithCallBack] LoadHttp Get func failed,error code = -27 - [cnttmsoc_tmsock.cpp(4306)]
2019 12/10 16:06:10 [20d4 : 1a04] (00) (I) [-S-][tmlisten.exe][tmSendLogToHttpServerLwithCallBack] DeleteFile done, err = 0 - [cnttmsoc_tmsock.cpp(4337)]

The agent tried to verify certificate with server but failed.

Check Pccnt\Common\OfcIPCer.dat on the server-side:

  1. Copy OfcIPCer.dat to another path, rename it as OfcIPCer.cer.
  2. Double-click it then switch to the Details tab and check the serial number.
  3. In IIS manager, check SSL binding certificate, see if the serial number is the same with OfcIPCer.cer.
    If it is different, export the public key and rename it as OfcIPCer.dat, put it in Pccnt\Common folder.
     
    Starting from Apex One 2019, new modules in Apex One Security Agent will authenticate whether the communication peer is a valid Apex One server. Rename the above public key (.cer) to "OfcIPCer.dat" and then copy it to {Apex One Server Installation}\PCCSRV\Pccnt\Common\ and overwrite the existing file. This managed key will be deployed to the managed Apex One Security Agents.

    For example:

    Copy server_public_key.cer to {Apex One Server Installation}\PCCSRV\Pccnt\CommonOfcIPCer.dat

     
  4. Open a command window and change the working directory to the following:

    C:\Program Files(x86)\TrendMicro\ApexOne\PCCSRV\Admin\Utility\CertificateManager

  5. Execute the following command:

    CertificateManager.exe -f "C:\ProgramFiles(x86)\TrendMicro\ApexOne\PCCSRV\Pccnt\Common\OfcIPCer.dat"

     
    The certificate export format will work for DER format only.
     
  6. Check OfcIPCer.dat and OfcIPCer.dat.sig is up to the time.

    C:\Program Files (x86)\Trend Micro\Apex One\PCCSRV\Pccnt\Common\OfcIPCer.dat
    C:\Program Files (x86)\Trend Micro\Apex One\PCCSRV\Pccnt\Common\OfcIPCer.dat.sig

Keywords: verify certificate,Web Host Certificate,mismatch,Policy deployment,issue,system error. Error ID 5,Troubleshooting Assistant for Server,TA for Server,issue detected by TA for server,Customer Success Toolkit