Mirek S.

ESET Staff

Posts posted by Mirek S.

  1. Hello,

    I would not recommend using an ODBC driver newer than 5.3.11.

    Other than incompatibilities, later MySQL ODBC drivers/client libraries also switched to unconditional use of OpenSSL instead of the internal TLS implementation they used to have, and in some cases this triggers startup clashes of OpenSSL initialization, where MDM requires some setup and MySQL actually uses a different one, causing runtime issues.



  2. Hello,

    MDM should register with EPNS on behalf of devices (devices themselves use FCM or APNS). The reason for this error is that EPNS tokens did not make it onto the ESMC server for some reason. Please verify that the MDM proxy can replicate to the ESMC server and can connect to EPNS (epns.eset.com:8883/443); otherwise we will need high-verbosity logs from MDM and MultiAgents, so please create a customer care ticket.

    As a side note, this issue is "cosmetic", as communication between devices and MDM is triggered by new work for the device (a task) or by EESA when it has logs; we added EPNS only for a "single pane of glass" feeling.


  3. Hello,

    As @Perry noted, 3rd party certification authorities typically provide a PEM or PKCS#12 web certificate which does not contain the root CA, as that is not required for common web servers - this certificate is typically preinstalled on devices so that a chain of trust can be established. MDM does a "bit more" than a typical web server - during enrollment we also install the root CA on the enrolled device to establish trust (we can't guess whether the certificate is self-signed or signed by a CA already trusted by the device), so we have an extra requirement.

    I'll look into improving the documentation with regard to 3rd party certificates, as openssl command lines showing how to convert between formats and how to append the root CA to existing certificates should help some users.


  4. To have "secure" as in trusted by the browser, you need to purchase a 3rd party certificate from a common internet certification authority.

    One such certificate authority is Let's Encrypt, which provides certificates for free.

    ESMC creates self-signed certificates which are not trusted unless their root CA is imported into the device certificate store.

    @Command IT What you probably meant was certificate chain installation, which was required until 6.5 due to the TLS layer we used. In 7.0+ we use a different TLS layer on Windows (OpenSSL) and the PKCS#12 is newly required to contain the entire certificate chain including the root CA - the system certificate store is not used anymore.
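
Added example (not part of the original posts and not ESET code): a name-based check, using the `openssl` command line, that a PKCS#12 file contains its entire chain including a self-signed root CA, as the posts above say MDM requires. The file names, subjects and password are constructed for the demonstration, and the helper function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example; every name, subject and password below is constructed.

# p12_chain_complete FILE PASSWORD
# Succeeds when every certificate's issuer also appears as a subject in the
# bundle and at least one certificate is self-issued (subject == issuer).
# Compares names only; it does not verify signatures or validity dates.
p12_chain_complete() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
    awk '
      /^subject=/ { s = substr($0, 9); subjects[s] = 1 }
      /^issuer=/  { i = substr($0, 8); issuers[i] = 1; if (i == s) root = 1 }
      END {
        for (n in issuers) if (!(n in subjects)) exit 1
        exit !root
      }'
}

# make_demo_p12 DIR
# Builds a constructed root CA and server certificate in DIR, then exports
# leaf-only.p12 (no root CA inside) and full.p12 (root CA appended).
make_demo_p12() (
  cd "$1" || exit 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Root CA" -keyout root.key -out root.pem
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=mdm.example.test" -keyout leaf.key -out leaf.csr
  openssl x509 -req -in leaf.csr -CA root.pem -CAkey root.key \
    -CAcreateserial -days 1 -out leaf.pem
  openssl pkcs12 -export -inkey leaf.key -in leaf.pem \
    -passout pass:changeit -out leaf-only.p12
  # -certfile adds the root CA to the bundle next to the server certificate
  openssl pkcs12 -export -inkey leaf.key -in leaf.pem -certfile root.pem \
    -passout pass:changeit -out full.p12
) 2>/dev/null

demo=$(mktemp -d) && make_demo_p12 "$demo"
for f in leaf-only full; do
  if p12_chain_complete "$demo/$f.p12" changeit; then
    echo "$f.p12: chain complete"
  else
    echo "$f.p12: issuer or root CA missing"
  fi
done
rm -rf "$demo"
```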
