Jump to content

Mirek S.

ESET Staff
  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by Mirek S.

  1. I believe easiest option would be to redeploy via SCCM (with valid install_config). This will repair installation on all endpoints. Now this might get tricky if You are on SCCM 2012+ as it lost option to rerun, instead detection based on time of installation could be used. As a sidenote it seems to me like quiet installation without valid hostname should not succeed, at least I don't see any use-case for it.
  2. Hello, As @Perry noted 3rd party certification authorities typically provide pem or pkcs#12 web certificate which does not contain root CA as that is not required for common webservers - this certificate is typically preinstalled on devices so that chain of trust can be established. MDM does a "bit more" than typical webserver - during enrollment we also install root CA to enrolled device to establish trust (we can't guess whether certificate is selfsigned or signed by CA already trusted by device) so we have extra requirement. I'll look into improving documentation wrt to 3rd party certificates as openssl command line how to convert between formats and appending root CA to existing certificates should help some users. HTH
  3. To have "secure" as in trusted by browser, You need to purchase 3rd party certificate from common internet certification authority. One of such certificate authorities is let's encrypt who provide certificates for free. ESMC creates self-signed certificates which are not trusted unless their root CA is imported into device certificate store. @Command IT What You probably mean was certificate chain installation which was required till 6.5 due to TLS layer we used. In 7.0+ we use different TLS layer on windows (openssl) and PKCS#12 is newly required to contain entire certificate chain including root CA - system certificate store is not used anymore.
  4. Hello, As a sidenote there was also added option to supress Apple related protection states (as many of our users don't use Apple devices). It's in MDM policy "General" > "Send iOS related application statuses". However as Apple only conforms to CA/Browser _consortium_ it's best practice to conform to these rules as well. HTH, M.
  5. Hello, Hostname is stored in MDM configuration. We sadly removed configuration option for hostname in policy (as some users broke their MDM by changing it), so currently only supported way to change hostname is reinstallation (or repair). HTH, M.
  6. Hello, Based on error, it seems like application does not have connectivity to MDM. If You are sure MDM site is accessible from phone You can submit customer care ticket from application (which will include all relevant logs) HTH, M.
  • Create New...