Maurizio, posted September 13, 2018
After upgrading MDM to version 7.0.394, I got the critical alert "ESET HTTPS certificate chain is incomplete. Enrollment is not allowed", so I created a new HTTPS certificate and applied it to the MDM server with a dedicated policy, but now I have the new error "ESET MDM hostname does not match HTTPS certificate" and all my mobile devices are deactivated and I can't enroll new devices. I've followed the guide here https://support.eset.com/kb3686/#hostnamewarning2 but there are no more "hostname" options in the "Mobile Device Connector" policy and there is also no more "ESET Remote Administrator Mobile Device Connector" policy to select in the new policy list. I've installed/repaired the MDM module to verify/change the hostname; is there any other method to do that?
Edited September 13, 2018 by Maurizio
Mirek S. (ESET Staff), posted September 13, 2018
Hello, you can ensure the certificate you created has a valid (same) hostname via the GetConfiguration task (the hostname is still visible in the configuration). The reason for its removal from the policy was that changing this option is essentially equal to reinstallation (all devices lose connectivity). If the configured hostname matches the certificate, please PM me the ESET Log Collector logs. Thanks and sorry for the inconvenience.
Maurizio (author), posted September 14, 2018
The hostname is the same as that of the MDM certificate I assigned with the policy, but if I check the certificate in Firefox it shows me an old certificate with a different hostname. It's as if the policy doesn't change the MDM HTTPS server certificate.
Mirek S. (ESET Staff), posted September 14, 2018
This is a "feature". You can change the timeout interval after which the new certificate is applied. Otherwise, MDM waits until all devices have exchanged their current trust with the new one. As you changed the hostname, the devices must be re-enrolled anyway (as by the hostname change they lost connectivity). You can find this timeout in the policy in the HTTPS certificate. As a side note, you're getting the protection state because protection states are evaluated on the certificate which is currently in use. We will think about how to make this clearer in a future version.
Edited September 16, 2018 by LegacyConnectorSupport