superzpy 0 Posted October 4, 2017 Share Posted October 4, 2017 when I add a license in ERAconsole, I get an error: "Failed to add license by license key ". I think my network connection run well because efsw installed on the same server can be activated with the same license. The attachment is the era trace log by 'Trace' level. I didn't see any error in it. trace-guangda.TXT Link to comment Share on other sites More sharing options...
ESET Staff MartinK 384 Posted October 4, 2017 ESET Staff Share Posted October 4, 2017 (edited) I am not able to verify it now, but it seems to be problem with SSL/TLS certificate validation. Could you be more specific of your environment, i.e. windows? linux? is it updated? version of ERA? When ERA is synchronizing licenses, it is connecting to https://edf.eset.com/edf and strictly validating it's SSL certificate against certificate store of "local system" (= not against user store). Please verify that CA certificate "thawte Primary Root CA - G3" with SHA1 fingerprint F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2 is available in computer certificate store -> it can be accessed using MMC console, search for "Adding certificates to the Trusted Root Certification Authorities store for a local computer" in the Manage Trusted Root Certificates article. Also if it is problem with certificates, it should be visible in network (wireshark) capture of traffic to edf.eset.com. Edited October 16, 2017 by MartinK Fixed invalid sha1 fingerprint of CA certificate Link to comment Share on other sites More sharing options...
superzpy 0 Posted October 16, 2017 Author Share Posted October 16, 2017 Thank you,Martin.Just as you say, the CA certificate "thawte Primary Root CA - G3" is not available in computer certificate store. What may cause this? and how to do after that? Link to comment Share on other sites More sharing options...
ESET Staff MartinK 384 Posted October 16, 2017 ESET Staff Share Posted October 16, 2017 This certificate should by trusted by system itself, as it is distributed by windows update system (see list of trusted CA certificates) -> it is the one with thumbprint F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2. What operating system version are you actually using? If I recall correctly, ERA should contact ESET servers (pki.eset.com -> see list of IP addresses in documentation) - any chance you are actually blocking this URL? Asking because trace.log shows that there were problem with contacting ESET servers some time ago. I would recommend to check whether operating system it updated, especially whether Windows root certificates are up-to-date. It is also possible to download required certificate from Thawte official pages and import in into "Local system" store, as was described in article I mentioned in previous post. Link to comment Share on other sites More sharing options...
superzpy 0 Posted October 18, 2017 Author Share Posted October 18, 2017 The problem is solved. I downloaded certificate from thawte and imported it. Thanks for helping. Link to comment Share on other sites More sharing options...
Recommended Posts