Jump to content
Maurizio

ESET MDM hostname does not match HTTPS certificate

Recommended Posts

After upgrading MDM to version 7.0.394, I got the critical alert "ESET HTTPS certificate chain is incomplete. Enrollment is not allowed", I've so created a new HTTPS certificate and applied it to the MDM server with a dedicated policy, but now I've the new error "ESET MDM hostname does not match HTTPS certificate" and all my mobile devices are deactivated and I can't enroll new devices.

I've followed the guide here https://support.eset.com/kb3686/#hostnamewarning2 but there is no more "hostname" options in the "Mobile Device Connector" policy and also there is no more "ESET Remote Administrator Mobile Device Connector" policy to select in the new policy list.

I've install/repaired the MDM module to verify/change the hostname, is there any other method to do that?

Edited by Maurizio

Share this post


Link to post
Share on other sites

Hello,

You can ensure certificate You created has valid (same) hostname via GetConfiguration task. (hostname is still visible in configuration)

The reason for removal from policy was that changing this option is essentially equal to reinstallation. (all devices lose connectivity)

If configured hostname matches the certificate, please PM me ESET log collector logs.

Thanks and sorry for the inconvenience.

Share this post


Link to post
Share on other sites

The hostname it's the same of the MDM certificate I assigned with the policy, but if I check the certificate in Firefox it shows me an old certificate with different hostname.
It's like the policy doesn't change the mdm https server certificate.

Share this post


Link to post
Share on other sites

This is "feature". You can change the timeout interval when new certificate is applied. Otherwise, MDM waits till all devices exchanged their current trust with new one. As You changed hostname the devices must be re-enrolled anyway (as by hostname change they lost connectivity).

You can find this timeout in policy in https certificate.

As a side note, You're getting the protection state because protection states are evaluated on a certificate which is currently in use. We will think how to make this clearer for a future version.

MDM.png

 

Edited by LegacyConnectorSupport

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×