
Afaria 6.6 CA server test unable to verify certificate server with Relay Server

Former Member
0 Kudos

Hello,

I'm trying to set up a QA Afaria server and Relay server in our environment, but am having some trouble getting the Afaria server to verify the CA when going through the relay server. When omitting the Relay server, I am able to verify the CA.

We are running Afaria 6.6 on a MS server 2008 SP1 R2 VM, same for the relay server.

Also, I am unable to get to the IIS splash page on the relay server when trying to connect from outside of the network. From inside the network, there are no connection issues.

Any help that can be provided would be greatly appreciated. If any additional info is needed, please let me know and I will retrieve it.

Thanks in advance,

~Tim

Accepted Solutions (0)

Answers (2)


Former Member
0 Kudos

Hi,

I am very new to Afaria and I have installed the Afaria server and the CA server on two different servers. The CA is on Windows 2008 RS enterprise and Afaria is on Windows 2008 standard server.
When I click "Certificate test" in the Afaria server enrollment server section, it says "Failed, Please confirm ip address".

Where did I go wrong? Please advise.

Thanks a lot in advance

Regards,

Thushara

Former Member
0 Kudos

Please check the setting in the console:

Server >> Certificate Authority

Give the IP address of the CA server as the server address.

Note: If all the CA server configuration is done properly, the only reason for "Failed, please confirm ip address" will be wrong parameters set in Certificate Authority.

0 Kudos

Hi Tim,

To access the relay server from outside your corporate network, you would need to expose your IIS ports to the internet; that's why you are not able to view the IIS home page.

It's OK that "Test Certificate Request" says "Unable to verify certificate server."

If your relay server is accessible from your internal network, then try creating one enrollment code and enrolling one device. Make sure the device is also in your internal network.

Regards,

Abhishek Joshi

Former Member
0 Kudos

Hello Abhishek,

Thank you for getting back to me. I was actually able to solve the relay server issue (partially) today. I can now see the server from outside the network. It was a DNS issue.

However, here is what I am still having trouble with: When trying to test the certificate server (which is on the same server as the Afaria 6.6 installation), I am only able to verify connection, but only when I do not go through the relay server.

I am able to enroll a device that is connected to our wireless network, when not connected to the relay server. However, we do not have the APNS ports open on the back end firewall, only on the front end (in front of the DMZ, where our relay server has access). So, in order to provision our devices with certificates for the profiles (we use exclusively iOS), we need to go through the relay.

Also note, this server is to be used for testing an upgrade of our production environment from Afaria 6.6 to 7, so the aim is to mirror the current setup.

Thank you in advance for the help!

Tim

0 Kudos

Hi Tim,

When you test the certificate through the relay server, you will always get this status.

So, it's not a problem at all. I also have 6.6 installed with a relay server and get the same message when I test the CA server.

Apart from testing the connection from the Admin UI, are you facing any other problem?

If your relay server is reachable from outside, then you can try enrolling from an outside network. Maybe one iOS4 and one iOS5 device.

Regards,

Abhishek Joshi

Former Member
0 Kudos

Hi Abhishek,

This is incorrect. Testing through the relay server in our production environment verifies the certificate authority, as expected. Also, we are unable to enroll when going through the relay. When not using the relay server, we are able to enroll, but not pull down any of the profiles (due to the fact that our back end does not have the APNS ports open, by design).

I will be doing some more testing and will post any developments.

Thanks again for your help,

~Tim

0 Kudos

Hi Tim,

I hope you created different farms for different purposes, i.e. for the CA, package server, enrollment server and Afaria server?

Could you please provide me the Relay Server and RSOE logs to check?

If you are using a relay server which is not installed on the default 80/443 ports, then make sure you enter IP:PORT in the Afaria admin UI.

Regards,

Abhishek Joshi