Posts posted by BaldNerd
-
When you first set up the VA there was a checkbox to enable it. You mustn't have spotted it during setup. It's easy to enable in the settings after the fact though, so no harm done.
No, I don't think it should be on by default. If the user is setting up the ESMC server behind a VPN or on the WAN, that would create a lot of unnecessary traffic as the devices check in. It's better to let the devices by default get their definitions directly from ESET's servers, and only proxy (mirror) them if specifically enabled by the admin.
Hope that helps!
Robbie // The Bald Nerd
-
On ESET Security Management Center the mirror has been replaced with an Apache HTTP Proxy. Please see https://help.eset.com/esmc_install/70/en-US/apache_http_proxy.html
I think that is what you are looking for. Let me know.
Robbie // The Bald Nerd
-
Thank you @janoo and @Mirek S..
I'll look at the docs provided there which do look more current--great.
Re. my certificate, I'm directly using the Let's Encrypt pem files to create the pfx as follows:
openssl pkcs12 -inkey privkey.pem -in fullchain.pem -export -out letsencrypt.pfx -password pass:*******
Then, that pfx file is passed to mdmcore-linux-x86_64.sh during installation with the 'https-cert-path' switch.
From there, I'm not sure where to go - MDC is installed as per my first post, and shows the error in ESMC as per above.
Please let me know what you suggest.
Thanks,
Robbie // The Bald Nerd
-
On 9/30/2019 at 7:55 AM, Mirek S. said:
It's actually "feature"... We had customers who reconfigured this and lost connectivity so this setting was removed around v 6.5
Sad. Perhaps an "Advanced User" mode to put it back again? Can't always just cater to those who refuse to read the manual.
-
On 9/26/2019 at 6:34 AM, arsini said:
1. provide the option to sort the rules by column
I don't see that as an unfair request. The addition of a column "Priority" would alleviate the issue. It would be sane from a UX perspective to allow clicking the headings to sort by Name, Enabled, Protocol, Profile, etc. with the addition of a new column, Priority. The headings even highlight when you mouseover, and UX principles tell the user that they should click to sort, but it doesn't... so it just seems broken.
PS - ESET should change the forum Rank names. As far as I'm concerned, it appears as though @arsini was just trolled by an ESET Trainee 🤣
-
Please add me to the beta list, and let me know if you want anything specific tested. I administer hundreds of Linux servers. Thanks
-
On 9/26/2019 at 8:09 AM, MichalJ said:
AFAIK, Change of the ports & MDMCore hostname can be only made by re-installation of the Mobile Device Connector component.
That's how it looks to me too. During [re]installation of MDM you can use --mdm-port= to define the MDM port to use (normally the default is 9981) and --mdm-enrollment-port= to set the MDM enrollment port (default is 9980).
On the VA, you can just log in to the Linux terminal and reinstall MDM with https://download.eset.com/com/eset/apps/business/era/mdm/latest/mdmcore-linux-x86_64.sh
I'd simply suggest taking a snapshot of the appliance first, just in case - will save you a ton of headaches if you break something while tinkering since you can quickly revert and try again.
It's indeed surprising this is not an included feature (i.e., setting) within ESMC. Seems you can change other ports, just not the MDM.
Good luck!
Robbie // The Bald Nerd 🤓
-
Hi all,
🤓
I understand MDC requires the certificate fullchain, and since my ESMC is on a subdomain, I am using Let's Encrypt for the console cert. It works great. However, I want to also use this cert for my MDC, and I'm simply unsure how to do this.
A little about my setup:
- This is a Linux-based ESMC server (irrelevant really, but just getting that out of the way before anyone tries to tell me to do some Windows witchcraft 😏)
- ESMC Server v 7.0.471.0 / ESMC Web Console v 7.0.429.0 / MDC v 7.0.528.0
- I have Let's Encrypt certificates generated for the subdomain where my ESMC server resides. It works fine, and the cert shows correctly in the browser (no self-signed cert for my ESMC browser session).
- I have a Java Keystore, which I use for Tomcat9's server entry. The keystore contains the Let's Encrypt cert.
- My CSR (which is used to generate the Let's Encrypt cert) is generated from the keystore.
- I generate a PFX from the Let's Encrypt cert, and this PFX is available if needed (e.g., could be used within a config).
I've tried adding my Let's Encrypt cert to my system's ca-certificates store, to no effect.
The ESMC interface shows that my MDC is in this state: "ESET HTTPS certificate chain is incomplete. Enrollment is not allowed"
So, I think I have all the bits and pieces needed, but am unclear how to set up MDC to use my cert. The kbase articles I find are obsolete, with the only one I can find that looks reasonably recent saying not to do the steps on MDC 7+.
Thanks in advance for taking the time to assist.
Robbie // The Bald Nerd
-
How do I setup Let's Encrypt for MDC?
in ESET PROTECT On-prem (Remote Management)
Thanks @Mirek S.
fullchain.pem is generated by letsencrypt certbot. As you likely already know, this file is the concatenation of cert.pem and chain.pem (the public cert + the chain).
So, here is what mine looks like:
Your comment about a possible missing CA made me think (facepalm) about my CSR: Perhaps I should be using 0001_chain.pem instead of fullchain.pem! After all, I am providing my own CSR as previously stated. I just expected my CSR would be part of the fullchain.pem, but running diff between the two fullchain pem files (fullchain.pem, 0001_chain.pem), they're not a match.
Thoughts?
Thanks!
Robbie // The Bald Nerd
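
Added example, not part of the original posts: a shell check of which certificates actually end up inside a PFX built from cert.pem versus fullchain.pem, useful when a consumer reports an incomplete chain. The certificates, subjects, password and helper names (pfx_certs, pfx_chain_status, make_demo_pfx) are constructed for illustration; the check matches issuer and subject names only and does not verify signatures.

```shell
# Added example: constructed certificates; names are compared, signatures are not verified.

# Print "subject<TAB>issuer" for each certificate stored in a PKCS#12 file.
pfx_certs() {  # $1 = pfx path, $2 = import password
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null |
    awk '/^subject=/ { s = substr($0, 9) }
         /^issuer=/  { print s "\t" substr($0, 8) }'
}

# "leaf-only": one certificate; "chained": every certificate but one has its
# issuer in the bundle; "broken": unreadable file or unrelated certificates.
pfx_chain_status() {
    pfx_certs "$1" "$2" | awk -F '\t' '
        { subj[NR] = $1; iss[NR] = $2; seen[$1] = 1 }
        END {
            for (i = 1; i <= NR; i++)
                if (iss[i] != subj[i] && (iss[i] in seen)) linked++
            if (NR == 1) print "leaf-only"
            else if (NR > 1 && linked == NR - 1) print "chained"
            else print "broken"
        }'
}

# Build a throwaway root -> intermediate -> leaf chain in $1 using certbot's
# file names, then export cert.pfx (leaf only) and fullchain.pfx.
make_demo_pfx() {  # $1 = work dir, $2 = export password
    ( set -e; cd "$1"
      openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
          -subj "/CN=Constructed Root" -keyout root.key -out root.pem
      openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed Intermediate" \
          -keyout int.key -out int.csr
      openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf.example.test" \
          -keyout privkey.pem -out leaf.csr
      openssl x509 -req -in int.csr -CA root.pem -CAkey root.key \
          -CAcreateserial -days 2 -out chain.pem
      openssl x509 -req -in leaf.csr -CA chain.pem -CAkey int.key \
          -CAcreateserial -days 2 -out cert.pem
      cat cert.pem chain.pem > fullchain.pem
      for f in cert fullchain; do
          openssl pkcs12 -export -inkey privkey.pem -in "$f.pem" \
              -out "$f.pfx" -passout "pass:$2"
      done ) >/dev/null 2>&1
}

work=$(mktemp -d)
make_demo_pfx "$work" demo-pass
for f in cert fullchain; do
    echo "$f.pfx: $(pfx_chain_status "$work/$f.pfx" demo-pass)"
done
rm -rf "$work"
```

Running `pfx_certs` against a real PFX lists each subject and issuer, which shows at a glance whether the intermediate made it into the bundle.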