Importing the Traps Management Service Go Daddy G2 Root CA Certificate to allow Agent Communications to the Traps Management Service Console

Created On 01/28/19 21:17 PM - Last Modified 06/01/23 07:16 AM


Symptom


Occasionally, when installing the Traps Management Service Agent on older endpoints (commonly Server 2008), the Agent may not connect successfully. Upon checking the Agent log, you may see an entry like the following:
2018 Dec 10 12:58:20.154-06:00 COMPUTER-A  [5004:4620 #14:14] {trapsd:Communication Heartbeat(scheduled):https://hostname.traps.paloaltonetworks.com/operations/provision/register} <Critical> Server certificate for host Go Daddy Secure Certificate Authority - G2 is not allowed: error=20, message=unable to get local issuer certificate


Cause


This error message means that your endpoint is unable to validate the certificate offered by the Traps Management Service, and because of this it is unable to authenticate and connect. This can happen when your endpoint does not trust the Root CA Certificate. Usually the reason is that the Trusted Root Certification Authorities store on your endpoint lacks a copy of the specific Go Daddy G2 Root CA Certificate that was used in generating our SSL certificate.

Resolution


Normally, Windows is able to update the Certificate store automatically, but some configurations will prevent this. When this is the case, you may need to download and manually import the Root CA Certificate that we use. Please see the following steps:
 
  1. Log in to your Traps Management Console using Google Chrome (it may be possible to accomplish this with other browsers, but these steps are specific to Google Chrome).

  2. Once logged in, click on the Lock icon in the address bar and view the certificate by clicking “Certificate” (Google Chrome).

  3. Go to the “Certification Path” tab, select the “Go Daddy Root Certificate Authority – G2” line at the top, and then click the “View Certificate” button.

  4. Another window that looks like the first will open. Here, go to the “Details” tab.

  5. From the “Details” tab, click “Copy to File” at the bottom.

  6. Click “Next” and then click “Next” again and choose where to save the file. The name of the file does not matter. Continue until you click “Finish” and the export is complete.

  7. Now, go to the Start menu, choose Run, type “mmc” and press Enter.

  8. Once the mmc console is open, go to “File” and click “Add/Remove snap-in…”

  9. Select “Certificates” and click “Add”, then choose “Computer account”, click “Next” and then “Finish” and “OK”.

  10. Expand the Certificates drop-down in the left pane and expand the folder “Trusted Root Certification Authorities”.

  11. Right-click on “Certificates” and choose “All Tasks” and then “Import”.

  12. Click “Next” and then locate the file you just exported. Click “Next” and then “Next” again and “Finish”.

  13. The import should be successful and you should now be able to check in with your Agent.
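
The import in steps 7 to 12 can also be scripted, with a check of the exported file before it becomes a trust anchor for the whole machine. The PowerShell below is an added example, not part of the original article or of any Palo Alto Networks tooling; the function name `Import-VerifiedRootCa`, its parameters and the sample path are hypothetical. The expected thumbprint is not given on this page and is assumed to be obtained out of band from the CA's published root certificate details.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell session.
# Uses only .NET classes, so it does not depend on cmdlets missing from older hosts.
function Import-VerifiedRootCa {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$CertPath,            # file exported in step 6
        [Parameter(Mandatory = $true)][string]$ExpectedThumbprint   # SHA-1 value obtained out of band
    )
    $ErrorActionPreference = 'Stop'

    # Load the exported file; DER and Base-64 encoded .cer files are both accepted.
    $file = (Resolve-Path $CertPath).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file

    # A root CA certificate is self-issued: subject and issuer are identical.
    if ($cert.Subject -ne $cert.Issuer) {
        throw "Not a root certificate (issuer: $($cert.Issuer)). Export the top entry of the Certification Path tab."
    }
    # It must be the root named in step 3, not some other CA.
    if ($cert.Subject -notlike '*Go Daddy Root Certificate Authority*G2*') {
        throw "Unexpected subject: $($cert.Subject)"
    }
    # Reject expired or not-yet-valid certificates.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    }
    # Compare against the thumbprint the CA publishes; ignore spaces, colons and case.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($cert.Thumbprint -ne $expected) {
        throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $expected. Do not import."
    }

    # Add to the computer's Trusted Root Certification Authorities store (steps 7 to 12).
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
    $store.Open('ReadWrite')
    try {
        $present = $store.Certificates | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
        if (-not $present) { $store.Add($cert) }
    } finally {
        $store.Close()
    }
    "Trusted root present in LocalMachine\Root: $($cert.Thumbprint)"
}

# Constructed sample call; replace the path and the placeholder with your own values.
# Import-VerifiedRootCa -CertPath 'C:\Temp\godaddy-g2-root.cer' -ExpectedThumbprint '<THUMBPRINT-FROM-CA>'
```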
 
 
 
 
 

