Why does My Opswat Central Managemant show a "Significant Issue" with a certificate-related error?

Issue:

My OPSWAT Central Management (OCM10) displays a "Significant Issue" with a certificate-related error "err": "Invalid item for type: rule", "err_details": {"errors": [{"error":"Contains none-existing item","key":"allow_cert.cert","value":"manifestcert"}], "name": "Kiosk"}.

Root cause:

This error occurs due to a case-sensitive mismatch in certificate names used for batch signing between MetaDefender Core and OCM10.

Specifically:

• The Core's workflow (e.g., Kiosk) has the “Generate batch signature with certificate” option enabled.

• The certificate name defined in MetaDefender Core (e.g., "ManifestCert") does not match the name configured in OCM10 (e.g., "manifestcert").

Even though the names appear similar, certificate names are case-sensitive. A mismatch like this breaks the link between Core and OCM10, triggering the alert.

Resolution:

To resolve the mismatch, follow these steps in MetaDefender Core UI:

1. Unenroll the Affected Core

• In MetaDefender Core UI > Click on Managed

• Click Unenroll.

2. Temporarily Disable Batch Signing

• Go to Workflow Management > Workflows .
• Select the affected workflow (e.g., Kiosk).
• In the General tab, uncheck “Use certificate to generate batch signature.”

• Save changes.

3. Correct the Certificate Name

• Go to Inventory > Certificates.
• Either rename the existing certificate to match OCM (e.g., "manifestcert") or add a new certificate with the correct name.

4. Re-enable Batch Signing

• Return to Workflow Management > Workflows.
• Open the workflow.
• Re-enable “Use certificate to generate batch signature.”
• Select the correctly named certificate (e.g., "manifestcert").

• Save changes.

5. Re-enroll MetaDefender Core

• Check this link to see how to enroll an instance to My OPSWAT Central Management