Jump to content

Mirek S.

ESET Staff
  • Content Count

    88
  • Joined

  • Last visited

  • Days Won

    2

Kudos

  1. Upvote
    Mirek S. received kudos from Peter Randziak in MDM certificate   
    Hello,
    As @Perry noted 3rd party certification authorities typically provide pem or pkcs#12 web certificate which does not contain root CA as that is not required for common webservers - this certificate is typically preinstalled on devices so that chain of trust can be established. MDM does a "bit more" than typical webserver - during enrollment we also install root CA to enrolled device to establish trust (we can't guess whether certificate is selfsigned or signed by CA already trusted by device) so we have extra requirement.
    I'll look into improving documentation wrt to 3rd party certificates as openssl command line how to convert between formats and appending root CA to existing certificates should help some users.
    HTH
  2. Upvote
    Mirek S. gave kudos to Perry in MDM certificate   
    Hi,
     
    You should create a full chain certificate which contains SSL cert, intermediate, root and private key.
     
    - Download XCA and install it.
    - Download OpenSSL and install it.
    1.) Create a empty file (C:\temp\cert-chain.txt) on your PC and past the following inside it:
    -----BEGIN CERTIFICATE-----
    (Your Primary SSL certificate from C:\temp\your_domain_name.crt)
    -----END CERTIFICATE----- 
    -----BEGIN CERTIFICATE-----
    (Your Intermediate certificate from C:\temp\TheIntermediateCA.crt)
    -----END CERTIFICATE----- 
    -----BEGIN CERTIFICATE-----
    (Your Root certificate part from C:\temp\TheTrustedRoot.crt)
    -----END CERTIFICATE-----
    2.) Now replace the content inside the brackets with your certificates (which you can export via XCA; PEM txt format). The order above is VERY important so do not mix it!
    2.) Export the private key (unencrypted in text format) with XCA from your certificate and store it inside  C:\temp\server.pemkey
    3.) Now merge everything together as pkcs12 (filename extension for PKCS #12 files is .p12 or .pfx). To do that open a CMD (run as admin) and perform:
    cd C:\OpenSSL-Win32
    openssl pkcs12 -export -inkey C:\temp\server.pemkey -in C:\temp\cert-chain.txt -password pass:ABCD -out C:\temp\certificate(chain_and_key).pfx
    4.) Your PFX file is now ready to be used.
  3. Upvote
    Mirek S. received kudos from Peter Randziak in MDM certificate   
    To have "secure" as in trusted by browser, You need to purchase 3rd party certificate from common internet certification authority.
    One of such certificate authorities is let's encrypt who provide certificates for free.
    ESMC creates self-signed certificates which are not trusted unless their root CA is imported into device certificate store.
    @Command IT What You probably mean was certificate chain installation which was required till 6.5 due to TLS layer we used. In 7.0+ we use different TLS layer on windows (openssl) and PKCS#12 is newly required to contain entire certificate chain including root CA - system certificate store is not used anymore.
  4. Upvote
    Mirek S. gave kudos to itman in User Interface will not display   
    Refer to the screen shot you posted. A Start Mode of Minimal will only allow notifications to be displayed.
    Appears the Manual setting is what you desire:
    https://download.eset.com/com/eset/apps/business/ees/windows/latest/eset_ees_7_userguide_enu.pdf
  5. Upvote
    Mirek S. gave kudos to MichalJ in Future changes to ESET Security Management Center / ESET Remote Administrator   
    @andy_s We will track this as an improvement request, towards the future versions. Issue is, that the "upgrade" itself is handled by Endpoint (in case you execute scan and select option "shutdown after scan"), and Endpoint does not initiate agent wakeup to report scan completion. It simply triggers shutdown, before the result is replicated.
    Maybe, if you are willing to, can you explain why are you shutting down the machines? Is it to save power over weekends, or? As there might be different way how to achieve that. One that will report "success" would be a run command, with a respective windows shutdown / with delay, as task would report "Success" not in the moment of task execution, but on the moment when it contacted WMI provider with the command the reboot. If system acknowledged, it will report success.  Also, out of curiosity, what is your replication interval?
  6. Upvote
    Mirek S. gave kudos to Kieran Barry in Future changes to ESET Security Management Center / ESET Remote Administrator   
    Description: Enable right-click and double-click in ERA
    Detail: ERA is one of the most easy-to-use management services I have used. However i believe that to make it more ergonomical there should be a functionality that lets users double-click on something. For example, when wanting to generate a report you first have to click on the report, then go down to the "GENERATE NOW" button and click that. I feel like adding the ability to open reports and other things with a simple double-click action would improve accessibility.
    The right-click I admit is quite an odd suggestion seeing as if you click on a field once it brings up a menu etc, however, again for things like editing reports, you first have to click the report, then click on the little cog icon over to the far right, and then click on edit. Would it not be easier just to be able to right click the report and choose edit?
     
    A very pedantic suggestion I know...
  7. Upvote
    Mirek S. gave kudos to LCS in Future changes to ESET Security Management Center / ESET Remote Administrator   
    Agreed. I even thought about the programming logistics of that when I posted it, but as the forum is about suggestions, I thought what the heck, let's put it in, as it is a nice idea (IMO) 
    Andy
×
×
  • Create New...