Jump to content

HSTS


Pbriel
 Share

Recommended Posts

Dear everybody,

since one week, i guess the last update, i am not able to get access to the webconsole of era. i am getting a hsts problem by accessing the webconsole using the domain-name. we already checked our firewall and all the servers around. No problems found. i hope you got any useful idea.

 

Thx Philipp

image.png

Link to comment
Share on other sites

  • ESET Staff

Seems there is problem with SSL/TLS certificate used by Apache Tomcat that is hosting ERA WebConsole. There are many alternatives what could be wrong:

  • make sure you are really connecting to ERA, i.e. that you are not redirected elsewhere.
  • check that you are accessing ERA console using domain name, that is actually included in SSL certificate.
  • make sure TLS certificate is valid (expiration date) and whether it is considered as valid by your system. In case this is self-signed certificate generated by ERA installer, it is possible, that new Firefox has to be configured to explicitly accept such certificate for this host - as you had done in history.
  • It is also possible, that Apache Tomcat is using TLS cipher suited that are no longer considered as safe.

Could you please provide more information, especially how you installed ERA, and what version you actually installed for the first time (certificate was most probably generated during initial installation). Is it possible to check for more detailed information from firefox browser? It would be great if you could provide more detailed error description.

Link to comment
Share on other sites

Hi.

the ERA is an virtual appliance (centos). I will provide more informations now. The problem accure by using firefox and chrome.

image.png.c0681e3d02a5fbd1e93f2b1ada0a3d95.pngimage.png.3277b535b5193133a61d07b4eada9f85.png

image.png.d7837c3661c481d7a9b467bc2c587041.png

 

 

Edited by Pbriel
Link to comment
Share on other sites

  • ESET Staff

Seems that your browser no longer accepts certificate that is used by ERA. In case you have not changed it since deployment, self-sign certificate is used and thus exclusion in browser is required. Also be aware that certificate was created only for specific IP address and hostname - are you accessing ERA console using the same URL in browser?

Could you please check whether tips from https://www.thesslstore.com/blog/clear-hsts-settings-chrome-firefox/ helps in your case? Could you alto try to access ERA console from "incognito" browser so that connection is not affected by history or cookies?

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...