Why does the PCoIP Zero Client not trusting my connection to a system with a new certificate?

Rate this Article
Average: 1 (1 vote)

August 3, 2018

Last modified: 09/03/2023, 6:07 pm

Knowledge Base Article Troubleshooting Security HP Anyware Zero Clients

Problem

The PCoIP Zero Client produces a certificate error when connecting to a HP Anyware PCoIP Agent, PCoIP Connection Manager, PCoIP Security Gateway after the certificate has been renewed and signed by the same Root CA or Intermediate CA as the old certificate. Attempts at exporting and importing the certificate do not fix the issue. 

 

Cause

If the certificate was renewed and signed by the same servers the PCoIP Zero Client will have all the required certificates in the certificate store. The main change in the certificate will be the valid from date. The PCoIP Zero Client's time maybe incorrect or the certificate may have been issued in a different time zone that is in the future.

 

Resolution

Check the PCoIP Zero Clients time:

  • Ensure NTP is set and is reachable. If NTP fails, the PCoIP Zero Client will continue to use the last cached time. This can be a very long time in the last.
  • Ensure the NTP server is reliable and is reporting the correct time.
  • If using Firmware prior to 4.5.0, upgrade to the latest firmware to correct an NTP bug.

If the certificate valid from time is in the future, wait until your time zone catches up or roll back to the previous certificate if it is still valid.

Note: If the PCoIP Zero Clients are connected to a network that has a Microsoft Active Directory Domain, any domain controller can be used as an NTP time source for the PCoIP Zero Clients.