Jump to content

Cannot add license in ERAconsole


Recommended Posts

when I add a license in ERAconsole, I get an error: "Failed to add license by license key ".

image.png.128498b5282cd741d25e4e7a0d3ca601.png

I think my network connection run well because efsw installed on the same server can be activated with the same license.

The attachment is the era trace log by 'Trace' level.  I didn't see any error in it.

 

trace-guangda.TXT

Link to comment
Share on other sites

  • ESET Staff

I am not able to verify it now, but it seems to be problem with SSL/TLS certificate validation. Could you be more specific of your environment, i.e. windows? linux? is it updated? version of ERA?

When ERA is synchronizing licenses, it is connecting to https://edf.eset.com/edf and strictly validating it's SSL certificate against certificate store of "local system" (= not against user store). Please verify that CA certificate "thawte Primary Root CA - G3" with SHA1 fingerprint  F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2 is available in computer certificate store -> it can be accessed using MMC console, search for "Adding certificates to the Trusted Root Certification Authorities store for a local computer" in the Manage Trusted Root Certificates article.

Also if it is problem with certificates, it should be visible in network (wireshark) capture of traffic to edf.eset.com.

Edited by MartinK
Fixed invalid sha1 fingerprint of CA certificate
Link to comment
Share on other sites

  • 2 weeks later...

Thank you,Martin.Just as you say, the CA certificate "thawte Primary Root CA - G3" is not available in computer certificate store. What may cause this? and how to  do after that?

Link to comment
Share on other sites

  • ESET Staff

This certificate should by trusted by system itself, as it is distributed by windows update system (see list of trusted CA certificates) -> it is the one with thumbprint F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2. What operating system version are you actually using? If I recall correctly, ERA should contact ESET servers (pki.eset.com -> see list of IP addresses in documentation) - any chance you are actually blocking this URL? Asking because trace.log shows that there were problem with contacting ESET servers some time ago.

I would recommend to check whether operating system it updated, especially whether Windows root certificates are up-to-date. It is also possible to download required certificate from Thawte official pages and import in into "Local system" store, as was described in article I mentioned in previous post.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...