Jump to content

ESET MDM hostname does not match HTTPS certificate


Recommended Posts

After upgrading MDM to version 7.0.394, I got the critical alert "ESET HTTPS certificate chain is incomplete. Enrollment is not allowed", I've so created a new HTTPS certificate and applied it to the MDM server with a dedicated policy, but now I've the new error "ESET MDM hostname does not match HTTPS certificate" and all my mobile devices are deactivated and I can't enroll new devices.

I've followed the guide here https://support.eset.com/kb3686/#hostnamewarning2 but there is no more "hostname" options in the "Mobile Device Connector" policy and also there is no more "ESET Remote Administrator Mobile Device Connector" policy to select in the new policy list.

I've install/repaired the MDM module to verify/change the hostname, is there any other method to do that?

Edited by Maurizio
Link to comment
Share on other sites

  • ESET Staff

Hello,

You can ensure certificate You created has valid (same) hostname via GetConfiguration task. (hostname is still visible in configuration)

The reason for removal from policy was that changing this option is essentially equal to reinstallation. (all devices lose connectivity)

If configured hostname matches the certificate, please PM me ESET log collector logs.

Thanks and sorry for the inconvenience.

Link to comment
Share on other sites

The hostname it's the same of the MDM certificate I assigned with the policy, but if I check the certificate in Firefox it shows me an old certificate with different hostname.
It's like the policy doesn't change the mdm https server certificate.

Link to comment
Share on other sites

  • ESET Staff

This is "feature". You can change the timeout interval when new certificate is applied. Otherwise, MDM waits till all devices exchanged their current trust with new one. As You changed hostname the devices must be re-enrolled anyway (as by hostname change they lost connectivity).

You can find this timeout in policy in https certificate.

As a side note, You're getting the protection state because protection states are evaluated on a certificate which is currently in use. We will think how to make this clearer for a future version.

MDM.png

 

Edited by LegacyConnectorSupport
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...