Enterprise Console or Sophos Control Center will display the following error messages about incompatible certificates if the SSL certificate on the workstation running Sophos Anti-Virus (endpoint) is not compatible with the one on the server running the console.
This usually happens when the workstation has tried to report to a different server from the one that installed it.
Sophos Anti-Virus cannot report to Sophos Enterprise Console (SEC) or receive new security policies.
This is because it is using an SSL certificate that is incompatible with the SEC server.
Sophos Anti-Virus should be reinstalled by the system administrator.
This can happen in the following circumstances
- the server has been reinstalled, or replaced with a different computer with the same IP name/address
- the server's clock is not synchronized with the workstation's clock. SSL certificates are valid for 20 years from the date of the console installation. If the console computer's clock is ahead of the client workstation, then the client workstation will use a certificate which appears to be not yet valid.
This problem may also be mentioned in the Sophos Network Communications Report.
What to do
- If the console computer has been reinstalled, from the console, reinstall Sophos Anti-Virus on the affected workstation.
- If the server's clock is set as being in the future, resetting it may make the server's certificate invalid. If the discrepancy is small, it may be easiest to wait until the time on the workstation has reached the time of server installation.
- If the discrepancy is large (e.g. more than a day), you may need to reinstall the server, and reprotect the workstations.