Page History
Created Date | Updated Date | Affects version | Fix Version |
---|---|---|---|
|
Description
By default, the Blancco LUN Eraser software does not check the Blancco Management Console's certificate validity when connecting with using HTTPS. If additional security is needed then certificate verification can be enabled.
When the certificate validity is checked then the Blancco Management Console hostname must match that in the certificate and the certificate's signer must be trusted. If either of those two conditions are not met you get following will see the below error code. In this case, the Blancco Management Console's address is in address 192.168.1.1.
Info |
---|
Could not initiate secure connection to 192.168 . 1.1 Verify that your operating systems security certificates are up to date. Refer to manual or support.blancco.com for setting custom certificate location. |
Step-by-step guide
Certificate check The verification of the certificate can be toggled enabled in the LUN Eraser configuration file with using the option "VerifyMCCert". Value Changing the value to 1 enables the verification and value 0 disables it (default).
Info | ||||
---|---|---|---|---|
| ||||
|
In some cases, the certificate's signer is not trusted. , This can happen for example if the environment running Blancco LUN Eraser is not updated or the Blancco Management Console certificate is self-signed. In this case, you need to add the certificate signer to a list of trusted signers. This can be done by either placing the certificate file to one of the default locations /etc/ssl/certs and /etc/pki/tls/certs/ca-bundle.crt or to a custom location.
Custom The custom certificate location can be dedfined with option MCCertPathdefined using the "MCCertPath" option within the configuration file. In the following example, the certificates are searched also from will also be checked using the path /tmp/mc_certificate.
...