Issue: Selecting "Test" in brokerconfig.exe gives SSL Handshake Error

Version 3

    Verified Product Versions

    Endpoint Manager 2016.xEndpoint Manager 2017.xEndpoint Manager 2018.x

    Issue

     

    SSLhandshakeError.png

     

    Connection through management gateway failed 10 SSL Handshake Error

     

    Cause

     

    The CSA doesn't have all the certificates that the client has under "Manage Core certificates".

    The client has an older broker certificate that isn't signed by all certificates on the client.

     

    Solution

     

    Check the client certificates (C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\certs) and see if there are any files that don't match what is on the CSA "Manage Core certificates" list. If there are, move those certificates to an Old certs folder and test this again. If this doesn't work, put the certs back and try the next step.

     

    On the core server, go to Configure>Manage Cloud Services Appliances... and choose to edit your current CSA. Click Apply and this should repost the core server certificates to the CSA. If your client has more certificates than your core is posting to the CSA, open the client connectivity settings and select the other certificates that the client is using and repost.

     

    NOTE: Once you have more than 4 or 5 certificates, I would recommend cleaning those up and only using 3 certificates at most in your environment.

     

    You may also be able to resolve this by simply deleting all files under the broker folder (C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\broker\) except for broker.conf.xml and requesting a new certificate using C:\Program Files (x86)\LANDesk\LDClient\BrokerConfig.exe "Send Request".