User-ID server monitor using WinRM HTTPS fails to communicate with server - connection refused

Created On 06/02/25 08:40 AM - Last Modified 10/24/25 22:09 PM


Symptom


• User-ID server monitoring using WinRM HTTPS shows "Connection refused"
• System logs show "Server monitor <server monitor name>: connection failed, HTTP code 0, SSL peer certificate or SSH remote key was not OK"



Environment


• PAN-OS >= 10.2
• WinRM over HTTPS
• Certificate RSA <= 1024 bits



Cause


  • The Windows Server presented a certificate whose key is smaller than 2048 bits.
  • PAN-OS >= 10.2 uses OpenSSL >= 1.1.1, which requires RSA certificates with keys >= 2048 bits or ECDSA certificates with keys >= 256 bits.


Resolution


  • Issue a new certificate that meets the OpenSSL requirements described above: RSA certificate keys greater than or equal to 2048 bits, or ECDSA certificate keys greater than or equal to 256 bits.
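
To confirm which key the WinRM HTTPS listener presents before and after reissuing the certificate, the following added example (not part of the original article or any Palo Alto Networks tooling) classifies `openssl x509 -text` output against the thresholds above. The function names are hypothetical, the sample input is constructed, and the live check assumes the `openssl` CLI on an admin workstation and the WinRM HTTPS default port 5986.

```shell
#!/bin/sh
# Added example: check a certificate key against the thresholds in this
# article (RSA >= 2048 bits, ECDSA >= 256 bits). Function names are hypothetical.

# Constructed sample of the relevant `openssl x509 -noout -text` lines
# (not a real certificate). Args: <public key algorithm> <bits>
sample_x509_text() {
    printf '    Signature Algorithm: sha256WithRSAEncryption\n'
    printf '        Subject Public Key Info:\n'
    printf '            Public Key Algorithm: %s\n' "$1"
    printf '                Public-Key: (%s bit)\n' "$2"
}

# Reads `openssl x509 -noout -text` output on stdin.
# Prints "<verdict> <algorithm> <bits>".
# Returns 0 = meets threshold, 1 = key too small, 2 = could not classify.
classify_cert_key() {
    text=$(cat)
    alg=$(printf '%s\n' "$text" |
        sed -n 's/.*Public Key Algorithm: *\([^ ]*\).*/\1/p' | head -n 1)
    # Matches both "RSA Public-Key: (N bit)" and "Public-Key: (N bit)".
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    case "$alg" in
        rsaEncryption)  min=2048 ;;
        id-ecPublicKey) min=256 ;;
        *) echo "UNKNOWN ${alg:-none} ${bits:-0}"; return 2 ;;
    esac
    if [ -z "$bits" ]; then echo "UNKNOWN $alg 0"; return 2; fi
    if [ "$bits" -ge "$min" ]; then
        echo "OK $alg $bits"
    else
        echo "WEAK $alg $bits"; return 1
    fi
}

# Fetch the leaf certificate from a live listener and classify it.
# Usage: check_winrm_listener <host> [port]
check_winrm_listener() {
    host=$1; port=${2:-5986}
    openssl s_client -connect "$host:$port" </dev/null 2>/dev/null |
        openssl x509 -noout -text | classify_cert_key
}

# Demo on constructed input: a 1024-bit RSA key is reported as WEAK.
sample_x509_text rsaEncryption 1024 | classify_cert_key || true
```

Run `check_winrm_listener <monitored server>` from a host that can reach the listener; a `WEAK` verdict matches the condition described under Cause.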


Additional Information


See also

Changes to Default Behavior in PAN-OS 10.2

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-release-notes/changes-to-default-behavior/changes-to-default-behavior-in-pan-os-10-2


