Jump to content

Mirek S.

ESET Staff
  • Content Count

    87
  • Joined

  • Last visited

  • Days Won

    2

Everything posted by Mirek S.

  1. Hello, As @Perry noted 3rd party certification authorities typically provide pem or pkcs#12 web certificate which does not contain root CA as that is not required for common webservers - this certificate is typically preinstalled on devices so that chain of trust can be established. MDM does a "bit more" than typical webserver - during enrollment we also install root CA to enrolled device to establish trust (we can't guess whether certificate is selfsigned or signed by CA already trusted by device) so we have extra requirement. I'll look into improving documentation wrt to 3rd party certificates as openssl command line how to convert between formats and appending root CA to existing certificates should help some users. HTH
  2. To have "secure" as in trusted by browser, You need to purchase 3rd party certificate from common internet certification authority. One of such certificate authorities is let's encrypt who provide certificates for free. ESMC creates self-signed certificates which are not trusted unless their root CA is imported into device certificate store. @Command IT What You probably mean was certificate chain installation which was required till 6.5 due to TLS layer we used. In 7.0+ we use different TLS layer on windows (openssl) and PKCS#12 is newly required to contain entire certificate chain including root CA - system certificate store is not used anymore.
  3. Hello, As a sidenote there was also added option to supress Apple related protection states (as many of our users don't use Apple devices). It's in MDM policy "General" > "Send iOS related application statuses". However as Apple only conforms to CA/Browser _consortium_ it's best practice to conform to these rules as well. HTH, M.
  4. Hello, Hostname is stored in MDM configuration. We sadly removed configuration option for hostname in policy (as some users broke their MDM by changing it), so currently only supported way to change hostname is reinstallation (or repair). HTH, M.
  5. Hello, Based on error, it seems like application does not have connectivity to MDM. If You are sure MDM site is accessible from phone You can submit customer care ticket from application (which will include all relevant logs) HTH, M.
  6. Hello, Can you please provide output of 7.1 Agent's Diagnostic.exe action 5) - ActionDumpRegistryKeys. Dump product's registry keys. This should have been fixed in late 7.0 and 7.1, however as we realized only for english installations. If You used localized UI installation or TRANSFORMS=":insert language here" argument of installer in the previous installation the issue is still possible. Please note that Self Defense will prevent creating diagnostic data inside Agent directories so output should be set somewhere not protected. HTH, M.
×
×
  • Create New...