Jump to content

PF4Public

Members
 View Profile  See their activity

  • Posts

    29

  • Joined

  • Last visited

 Content Type 

Posts posted by PF4Public

    Cannot add License into Security Management Center

    in ESET Licensing for Business

    Posted · Edited by PF4Public
    typo

    22 minutes ago, Marcos said:

    After adding the license to EBA and entering your ELA password, a verification email is sent to your email address. We see that it was sent 3 times and the verification link was not clicked. Did you get these emails?

    Yes, I've got all of them and clicked all of them! And every time, I click the link, I got the error. Screenshot with that error I've already sent to @Marcos.

    Here is the screenshot from browser developer tools:

    image.png.0a838a9ef66693803ab698c336766a36.png

    Cannot add License into Security Management Center

    in ESET Licensing for Business

    Posted

    @MichalJ If we're talking about SMC, it had previous (expiring) license with a different key. And every time I tried to add this one (renewed), it failed with the error, saying, that this license is already added. Then I've removed this old license and tried to add this renewed license once again, it failed with a different error. Unfortunately, I didn't remember it and cannot recreate that case, because now, trying to add this renewed license, it fails, saying, that this license is already added, but the list is empty.

    1 hour ago, MichalJ said:

    I would recommend to contact ESET customer care and create a ticket as it might be needed to analyze it by developers.

     

    19 hours ago, PF4Public said:

    Ofcourse I have tried contacting my local reseller first. There was actually an issue with activating this license, but it was resolved immediately.

     

    19 hours ago, PF4Public said:

    In the last email they've sent me a screenshot of ELA, showing a green check, assuring me, that it's all fine, as if I was having troubles with ELA.

     

    19 hours ago, PF4Public said:

    Could my issue be dealt with by ESET developers instead?

     

    Cannot add License into Security Management Center

    in ESET Licensing for Business

    Posted

    Recently I have renewed my ESET license and updated ERA to SMC.
    Upon trying to add my new license into SMC, I get error, saying that this licence is already added, even though the list is still empty (not a caching/delay issue, as this issue persist for 2-3 days already). Trying to add this license into EBA, I get also an error, after using the link in confirmation e-mail.

    Ofcourse I have tried contacting my local reseller first. There was actually an issue with activating this license, but it was resolved immediately.

    With regard to _this_ issue, they've tried to do something on their end, but nothing changed for me really. In the last email they've sent me a screenshot of ELA, showing a green check, assuring me, that it's all fine, as if I was having troubles with ELA. It is _not_ okay for me, if I cannot use my new license in SMC, no matter how green the check in their screenshot is. I'm starting to loose my patience.

    Could my issue be dealt with by ESET developers instead?

    Can't activate license via ERA

    in ESET PROTECT On-prem (Remote Management)

    Posted

    Looks like I was trying to activate wrong product, nonetheless thanks for willing to help.

    I have tried to repeat the process of creating all-in-one installer for Windows and notice that changing product language changes the product selected! It seems to me, that I didn't notice that after I've changed product language, which led me to installing wrong product as a consequence. 

    Is it expected behaviour?

    FQDN not full

    in ESET PROTECT On-prem (Remote Management)

    Posted

    How does ERA agent obtain FQDN name of a computer it is running on?

    I have one computer, which FQDN equals to its hostname, as such it is not renamed by "Rename task".

    I have proper DNS set up as well as I can nslookup the IP in question, which returns FQDN name, not only the hostname.

    What could be the problem here?

    SessionNotValidException while authenticating in web console

    in ESET PROTECT On-prem (Remote Management)

    Posted

    Hello
    I have installed ERA web console and it is operating normally on 8080 port. I can log in with Administrator account and so on (except license cannot be activated as per another topic).
    I have tried to pass the traffic through nginx so as to use http2 and tls, but authentication fails with "//EX[0,1,["sk.eset.era.commons.common.model.exceptions.SessionNotValidException/****"],0,7]" reply immediately after "//OK[1,["****\x3D\x3D"],0,7]".

    Nginx config is as follows:

    

server {
listen 80;
server_name era.****;
access_log /var/log/nginx/era.insecure.access.log;
return 301 https://era.****$request_uri;
}

server {
listen 443 ssl http2;
server_name era.****;
access_log /var/log/nginx/era.access.log;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_certificate ssl/era-chained.crt;
ssl_certificate_key ssl/era.key;
location / {
proxy_pass hxxp://localhost:8080/;
}}

    I have tried following settings:

    

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;

    But this didn't help.

    Please advice on how to resolve this issue.

    Thanks.

    Custom PKI and ERA

    in ESET PROTECT On-prem (Remote Management)

    Posted · Edited by PF4Public

    >this wrong-issuer behavior when signing by intermediate CA certificate will be fixed in upcoming release

    Thanks for the information. Much appreciated.

     

    >it will be possible to sign with external CA certificate using Custom PFX file in signing wizard

    This is an important thing, I didn't pay attention to this selection in "create certificates" dialog, thus didn't notice the possibility.

     

    >without need of importing it into ERA

    I think I start to realize how bad is it to store private key in MySQL database security-wise. So it is possibly quite justified not to import private keys in ERA at the first place.

     

    So, just to sum it all up.

    1. If one wants to manage PKI oneself, ERA has the possibility to temporarily upload server/agent/etc (that is - end-entity) certificate and its corresponding private key to immediately use them as server certificate or distribute via policy without preserving in database. Also it has the possibility to import CA's certificate (without its private key) to be able to verify peer certificates, issued by that particular CA.

    2. If one wants to manage PKI oneself, but delegate some of the certification tasks to ERA, this is also achievable. One should have the CA certificate and it's private key at hand to temporarily upload them to ERA to facilitate certificate creation and signing. Certificate and key used in this process are not saved to ERA database. Only the resulting end-entity certificate is saved to ERA database for later use. However due to wrong-issuer bug in ERA on Linux this will be only possible after the next release (current release being 6.4 - for the record). This does not apply to self-signed CA, which is handled properly by ERA.

    Am I correct?

     

    Also, please make sure these possibilities documented in your guides: both online and pdf/printed.

    As well as your advice to use 127.0.0.1 instead of localhost (with a little note on why this is necessary) and the fact that mysql odbc driver available in current Debian repository does not function, suggesting to use one from MySQL website.

    Custom PKI and ERA

    in ESET PROTECT On-prem (Remote Management)

    Posted

     

     

    Could you please specify why do you need it to be there? You are using database without TCP, accepting only connections through local socket?

     

    I had hard time establishing connection to MySQL database through ODBC from ERA and ERA installer. There were issues with MySQL ODBC connector available in Debian repositories, so I had to use the ones available from MySQL website. Which for the reason not  known to me tried to connect through the socket completely ignoring hostname and port specified in connection string. But this way everything got connected and operating properly. Thus I didn't do any further researching on this issue.

     

     

    We actually had this the same problem in ERA appliance (CentOS 6/7 based). MySQL ODBC connector attempts to use socket file in case specified DB hostname is localhost instead of expected TCP connection. We are currently using (and also recommending)  DB hostname 127.0.0.1 which should be equivalent to localhost, except that MySQL uses TCP connection as is expected by ERA.

     

    I've just removed socket specification from StartupConfiguration.ini and also replaced localhost with 127.0.0.1 and indeed after service restart it looks like ERA could successfully connect to MySQL database.

    Thanks for the hint.

    Custom PKI and ERA

    in ESET PROTECT On-prem (Remote Management)

    Posted · Edited by PF4Public

    Could you please specify why do you need it to be there? You are using database without TCP, accepting only connections through local socket?

     

    I had hard time establishing connection to MySQL database through ODBC from ERA and ERA installer. There were issues with MySQL ODBC connector available in Debian repositories, so I had to use the ones available from MySQL website. Which for the reason not  known to me tried to connect through the socket completely ignoring hostname and port specified in connection string. But this way everything got connected and operating properly. Thus I didn't do any further researching on this issue.

×
×
  • Create New...