If GUS cannot communicate with Main GUS or GUS proxy due to a certificate issue, you can manually reset the server certificate associated with that Main GUS or GUS proxy.
Cause
Each GUS pins the certificates used to communicate with other applications such as the Main GUS or GUS proxy.
A certificate error can occur if the Main GUS or GUS proxy certificate changes. It causes a mismatch with the certificate that GUS pinned initially. An error can also occur when the certificate fails any certificate or SSL policy validation used by the GUS. For example, if a certificate has an expired date, the GUS does not trust it and rejects it.
Solution
Ensure that the failed connection is with the expected server. Remove the certificate saved on the client GUS to restore communication.
- Stop the Genetec Update Service and Genetec Update Service Sidecar services.
- Go to C:\ProgramData\Genetec Update Service\Certificates\Server\
and delete both the certificate and the certificate pin files:
- [Hostname]_[restPort#].cer
- [Hostname]_[restPort#].pin.xml
- Restart the Genetec Update Service and Genetec Update Service Sidecar services.
If a trusted certificate is configured in GUS, ensure that the certificate is valid. Also, check that it contains both the machine hostname and the Fully Qualified Domain Name (FQDN) in the certificate Subject Alternative Name (SAN).