ESET Server Certificate

[ronmanp 2]

Hi, why is https://edfpcs.trafficmanager.net signed with a certificate that is issued to https://edf.eset.com ? 

Should at least add a SAN for it. 

Our web proxy is blocking it because there's a certificate mismatch. 

 

[Peter Randziak 1,130]

Hello Ronmap,

I checked it with the EDF guys, which checked it with the security team and it seems everything is set up correctly.

The is no http redirection, just DNS balancing so it should not return an certificate mismatch.

Do you access https://edfpcs.trafficmanager.net somehow directly? 

Or from machines with which ESET product do you see this error?

Regards, P.R.

[ronmanp 2]

Hi Peter, 

We had issues activating ESET Endpoint Antivirus and after monitoring ESET and our web proxy logs we found out https://edfpcs.trafficmanager.net/ was getting blocked due to certificate mismatch. 

So our web proxy blocks it before the balancer can do its job. 

Not a big deal because we manually whitelisted it but I feel like we'd have a lot more issues than just ESET activation servers if our web proxy didn't support DNS balancers.

[Peter Randziak 1,130]

The domain trafficmanager.net belongs to Microsoft so we won't be even able to deploy there any other certificate,...

As far as I know this is first such request so good you were able to resolve it by whitelisting it,...

[ronmanp 2]

Yes we are ok here, just wanted to share this in case someone had the same problem as we had to spend some time on this problem. 

On the same note, even just by accessing https://edfpcs.trafficmanager.net in Chrome will prompt a security warning which is sub-optimal to say the least. 

I known it's not meant to be accessed directly but it could probably be improved.

You can consider this as resolved for us. 

Thanks for looking into it,