Hi!
I'm having certificate issues during the installation of ESET Endpoint Security on Android mobile devices.
This question is related to both MDM and "customer care" issues with an ESET MSP.
This forum is the most related one among the ones I can select for a new topic.
Apologies if it is the wrong place, Let me know the right forum in such case.
I'm looking for suggestions on how is a good way to proceed in a case like the one described below.
Thanks in advance for any suggestion.
Case description:
I'm having certificate issues during the installation of ESET Endpoint Security on Android mobile devices.
I have an MSP business license. The MSP provider emailed me a link (to open on the devices) that, via an intermediate page, leads to play store to download/install the ESET Endpoint Security app.
The link's target page opens with a certificate error:
firefox error is SEC_ERROR_UNKNOWN_ISSUER
chrome error is NET::ERR_CERT_AUTHORITY_INVALID
It seems to be some kind of certificate misconfiguration on the MSP side so I stopped and opened a ticket reporting it to the MSP along with the info about the invalid certificate.
They replied and immediately marked the issue as resolved:
"the installation can be completed even in case of expired certificates"
This seemed strange to me.
The error is not about "expired certificates", it is about invalid Certification Authority.
Accepting their advice I used the link to download the product from the store but when the app starts another certificate error pops up, this time in a window with the options "proceed anyway" and "cancel" and the following message (*1):
Your certificate is not setup properly
You may have setup your certificate incorrectly or you might be under attack from third parties trying to steal your data
I asked myself "Is it really ok to continue?".
I reopened the ticket asking the MSP to confirm the legit of the certificate in previous communication.
They replied and immediately marked the issue as resolved, again:
You can proceed with the installation.
ESET has no contraindications about the AV engine operations.
Here again the MSP response seems to be vague.
The ticket is about the legit of the certificate. I can't understand why they are talking about "contraindications about the ESET AV engine operations".
There seems to be something wrong here but I'm not sure about it.
I'm trying to figure out what is going on. Maybe I'm behaving with an excess of caution, or it could be a neglect on the MSP side.
What could be a good way to proceed in such cases?
Is it right to insist on fixing the certificate issue before continue with the installation?
Or is it not a big deal and I'm just getting it in the wrong way.
Thanks for any help.
FOOTNOTE:
(*1) The certificate info in both the link page and the app refers to the same certificate (both have the same SHA-256 fingerprint)