[How to specify subjectAltName when creating a certificate using ESMC]

To answer my own question, make sure you enter the correct details in the host field.

 

[How to specify subjectAltName when creating a certificate using ESMC]

I'm using the ESMC webconsole and creating a peer certificate to replace the existing default ESMC Server Certificate.

I would like to specify the subjectAltName rather than getting the "DNS Name=*" default one that's created by the wizard automatically.

Am I able to specify the subjectAltName (as there doesn't appear to be a field for that on the form).

 

 

[How to resolve a "No alerts" security risk?]

Thanks for the response.  After a number of days this PC has now cleared the alert itself. 

 

[How to resolve a "No alerts" security risk?]

Hi folks, 

I have one computer being reported in my ESET SMC dashboard as a security risk.  When I review its details the risk is that there are "No alerts".

I haven't been able to find any details as to what might cause this.

 

This issue has only occurred after upgrading to the latest agent and end point versions:

 

ESET Management Agent 7.1.717.0Up-to-date version

ESET Endpoint Antivirus 7.2.2055.0Up-to-date version

 

I have checked the status.html page and it looks normal compared to other working PCs.

 

Any suggestions?

Thanks

 

 

[How to configure ciphers for communication between ERA Server & Web Console]

For anyone's future reference, ESET support advised there wasn't a way to modify the ciphers for the service on this port.  So we resolved this issue by removing the firewall rule for port 2223 from the appliance.  This will impact server assisted installations but we don't utilise that function.  

 

iptables -S

ip6tables -S

iptables -L -n

ip6tables -L -n

iptables -R INPUT 4 -p tcp --dport 2222 -j ACCEPT

ip6tables -R INPUT 4 -p tcp --dport 2222 -j ACCEPT

iptables -L -n

ip6tables -L -n

 

Note you need to ensure you replace the correct rule (in our case it was line 4).

 

 

[How to configure ciphers for communication between ERA Server & Web Console]

A security scan reported vulnerabilities on port 2223 (tcp over SSL) of our ESET appliance server.

I understand this port is used for communications between the ERA Web Console and ERA Server itself.  Where can I configure the ciphers used for this service/port?

I've previously changed TLS & Cipher settings for the Web Console itself but can't find the relevant area to configure the service on port 2223

Thanks.

ESET Security Management Center (Server), Version 7.0 (7.0.471.0)
ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0)

CentOS Linux 7.6.1810

 

 

RESULTS:

CIPHER	KEY-EXCHANGE	AUTHENTICATION	MAC	ENCRYPTION(KEY-STRENGTH)	GRADE
TLSv1.2 WITH 64-BIT CBC CIPHERS IS SUPPORTED
DES-CBC3-SHA	RSA	RSA	SHA1	3DES(168)	MEDIUM
EDH-RSA-DES-CBC3-SHA	DH	RSA	SHA1	3DES(168)	MEDIUM
ECDHE-RSA-DES-CBC3-SHA	ECDH	RSA	SHA1	3DES(168)	MEDIUM

[ESMC 7 ERA Web Console - How to import 3rd party SSL certificate]

I am trying to resolve the browser warning that occurs when accessing the ESET 7 ERA webconsole. 

I have a SSL certificate for the ESET Virtual Appliance generated by our inhouse CA but cannot determine how to import the certificate for use just by the ERA web server.

There are a number of articles relating to use of certificates for server and client components and interactions but I only want to change the certificate used by the ERA webconsole.  We have a Virtual Appliance installed (i.e. ESET webconsole is not installed on a Windows Server). 

Interestingly, changing the certificate used by WEBMIN on the VA was straightforward.

Thanks