This post is relevant for some customers that uses the Aurena Agent and where the IFS server has SSL/TLS certificates provided by Digicert.

The problem

We recently got a report from a customer using the Aurena Agent that it stopped working. After some investigations by IFS Support it was concluded that the problem was due to a recent mass-expiration of SSL/TLS certificates provided by Digicert (it has been reported about for example here: https://www.bankinfosecurity.com/revoked-digicert-digital-certificates-27-yet-replaced-a-26032). This forced a new certificates to be installed on the IFS server, which in turn makes to the Aurena Agent refuse to execute any commands initiated from that server.

Background

When the Aurena Agent installer is run, the URL to the IFS Cloud environment server needs to be provided. The installer downloads the certificate from the server and stored a "hash" (a sort of fingerprint) of the certificate on the user's PC. Later, whenever the Aurena Agent is used from that environment, for every command, the Aurena Agent checks if the hash is still the correct one. If the server's certificate has been changed, the hash will be different and the Aurena Agent will not execute any commands.

Solution

The solution is simple: simply execute the Aurena Agent installer again, providing the URL to the server. A new hash will be stored on the user's PC and after reloading the web browser tab where IFS Cloud runs, the Aurena Agent should work again.

All users don't need to do this manually if their IT department can push out a new version of the file where the certificate hash is stored (C:\Users\USERNAME\AppData\Local\IFS\IFSAurenaAgent\allowed_hosts.txt).

Questions?

For any questions, just add a comment below, or contact IFS Support.