Caught Certificate request refused by certification manager, subject identity not proven

  • Article ID: 121087
  • Updated: 04 Jun 2014

Issue

The following error is shown in the Sophos Remote Management Router log:

[DATE] [TIME] E Router::Start: Caught Certificate request refused by certification manager, subject identity not proven

First seen in

Enterprise Console 5.2.1 R2

Cause

The message router does not have a certificate.

What To Do

Check that the three identity keys on the server (certauthstore) match those in the mrinit.conf file in the distribution location (e.g., \\Servername\SophosUpdate\CIDs\Sxxx\SAVSCFXP\). These identity keys should match those held in the endpoint computer's registry.

For reference, the table below can be used to match the mrinit.conf values to the affected computer's registry values.

| MRInit.conf value | Corresponding registry key | Registry value |
|---|---|---|
| DelegatedManagerCertIdentityKey | HKLM\SOFTWARE\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Private | CertificationIdentityKey |
| ManagedAppCertIdentityKey | HKLM\SOFTWARE\Wow6432Node\Sophos\Remote Management System\CertificationIdentityKeys | ManagedApplication |
| RouterCertIdentityKey | HKLM\SOFTWARE\Wow6432Node\Sophos\Messaging System\CertificationIdentityKeys | CertificationIdentityKey |

Example of checking the RouterCertIdentityKey:
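
One way to script this comparison on an affected computer, covering all three keys rather than only RouterCertIdentityKey. This is an added example, not Sophos code and not part of the original article; the function name is hypothetical, and it assumes mrinit.conf stores each key as a "Name"="value" line and that the registry values are strings.

```powershell
# Added example (not Sophos code). Assumptions: mrinit.conf holds each key as
# a line of the form "Name"="value", and the registry values are strings.
function Compare-SophosIdentityKeys {
    param(
        # Full path to mrinit.conf in the distribution location
        [Parameter(Mandatory)] [string] $MrInitPath
    )

    # mrinit.conf name -> registry key and value name, as listed in the table
    $map = [ordered]@{
        DelegatedManagerCertIdentityKey = @{
            Key  = 'HKLM:\SOFTWARE\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Private'
            Name = 'CertificationIdentityKey' }
        ManagedAppCertIdentityKey = @{
            Key  = 'HKLM:\SOFTWARE\Wow6432Node\Sophos\Remote Management System\CertificationIdentityKeys'
            Name = 'ManagedApplication' }
        RouterCertIdentityKey = @{
            Key  = 'HKLM:\SOFTWARE\Wow6432Node\Sophos\Messaging System\CertificationIdentityKeys'
            Name = 'CertificationIdentityKey' }
    }

    # Parse "Name"="value" lines into a lookup table; other lines are ignored
    $conf = @{}
    foreach ($line in Get-Content -LiteralPath $MrInitPath) {
        if ($line -match '^\s*"?([^"=]+)"?\s*=\s*"?([^"]*)"?\s*$') {
            $conf[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }

    foreach ($name in $map.Keys) {
        $valueName = $map[$name].Name
        $reg = Get-ItemProperty -LiteralPath $map[$name].Key -Name $valueName -ErrorAction SilentlyContinue
        $regValue = if ($reg) { [string]$reg.$valueName } else { $null }

        # Case-sensitive comparison; a missing value on either side is reported separately
        $status = if (-not $conf.ContainsKey($name)) { 'MissingInMrInit' }
                  elseif ($null -eq $regValue) { 'MissingInRegistry' }
                  elseif ($conf[$name] -ceq $regValue.Trim()) { 'Match' }
                  else { 'Mismatch' }

        # Only the status is reported; the key values themselves are not echoed
        [pscustomobject]@{ IdentityKey = $name; RegistryKey = $map[$name].Key; Status = $status }
    }
}

# Example call, using the distribution path form shown in the article:
# Compare-SophosIdentityKeys -MrInitPath '\\Servername\SophosUpdate\CIDs\Sxxx\SAVSCFXP\mrinit.conf'
```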

 
If you need more information or guidance, then please contact technical support.
