To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

PM 12.31 Proxy Mode

Options

Hello,

 

I tried to setup a PM proxy node and get an error when I try to create the certificate

 

"C:\Program Files (x86)\F-Secure\Management Server 5\bin>fspmp-enroll-tls-certificate.bat apwienet05.wienet.ads
Enter Policy Manager user to authorize certificate enrollment: admin
Enter password:
Error: error creating bean with name 'trustedCertificatesService' defined in com.fsecure.fspms.certenroll.EnrollmentToolConfig: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.fsecure.fspms.proxy.TrustedCertificatesService]: Factory method 'trustedCertificatesService' threw exception; nested exception is java.io.UncheckedIOException: java.net.UnknownHostException: spwienet05.wienet.ads"

 

I used the admin account and the password of the central management server.

Registry settings and all the other things mentioned in https://community.f-secure.com/t5/Business/Setting-up-Policy-Manager-as/ta-p/91824 are done

Comments

  • ok .. it was a long night yesterday ...setting up this new server in Denmark ;-)

     

    Certificate is enrolled now ... I think I'll go home soon and will get some sleep ...

  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master
    Options

    Hello,

     

    > PM 12.32

     

    Is it possible to download that special product version? I would like to upgrade my PM 12.31 server, but cannot find the package anywhere on F-Secure's website...

     

    Thanks in advance, BR: Tamas Feher, Hungary.

  • it is no extra package ... just install the normal policy manager 12.31 without console and follow the posted instructions

  • A_Grinkevitch
    A_Grinkevitch W/ Partner, W/ Staff, W/ Product Leadership Posts: 169 W/ Product Leadership
    Options

    Hello etomcat,

     

    12.32 was not ever released. 12.31 is the latest one, but it has one hotfix package... Probably, that was called 12.32, or yet another side effect of ChinaDragon's long night :)

  • Smiley Happy yes sorry - I changed the subject already Smiley Happy

     

  • fox
    fox W/ Alumni Posts: 19 Security Scout
    Options

    I tried to install 12.40 proxy as instructed in https://community.f-secure.com/t5/Business/Setting-up-Policy-Manager-as/ta-p/91824, but got problems when running script:

     

    fspmp-enroll-tls-certificate.bat
    Policy Manager Server is not configured to run as a proxy.

  • A_Grinkevitch
    A_Grinkevitch W/ Partner, W/ Staff, W/ Product Leadership Posts: 169 W/ Product Leadership
    Options

    Hello fox,

    What are the additional_java_args you've specified at step 5? Seems some of them are missing.

  • fox
    fox W/ Alumni Posts: 19 Security Scout
    Options

    -DupstreamPmHost=x.x.x.x -DupstreamPmPort=443 -DadminPubLocation="C:\Program Files (x86)\F-Secure\Management Server 5\data\admin.pub"

  • A_Grinkevitch
    A_Grinkevitch W/ Partner, W/ Staff, W/ Product Leadership Posts: 169 W/ Product Leadership
    Options

    Thanks, seems your args are correct ones.

    BTW, do you specify these args and run fspmp-enroll-tls-certificate.bat at the host intended to run as proxy? You should run it there, but not at the Master Policy Manager host...

  • fox
    fox W/ Alumni Posts: 19 Security Scout
    Options

    I specify these args and run fspmp-enroll-tls-certificate.bat at the host intended to run as proxy.

  • A_Grinkevitch
    A_Grinkevitch W/ Partner, W/ Staff, W/ Product Leadership Posts: 169 W/ Product Leadership
    Options

    Could you please collect fsdiag from both master PM and proxy node. There is "F-Secure Support Tool" link in the F-Secure Policy Manger start menu group. Please use this tool to gather fsdiags and forward them via F-Secure Support to dev teams.

    TIA

This discussion has been closed.