Jump to content

https:// console issue after ESET 7.0 upgrade


Manikandan R
 Share

Recommended Posts

Hi,

 

Please see below image, i have firewall and UPS all hardware console https not open after upgrade the ESET 7.0 client. if i AV removed means i can get the console without any issue.

Please advise.

https://172.25.2.2

image.thumb.png.cc6330e7d0e51cd80c7304a61bfcd966.png

Link to comment
Share on other sites

  • ESET Staff

Do I understand it correctly, that once you installed ESMC, client computers (i.e. computer not with installed ESMC, but with AGENT + Endpoint) is blocking access to internet? If so, could you check configuration of related protection in endpoint? Are you using policy that are supposed to block "unknown" internet traffic?

Link to comment
Share on other sites

1 hour ago, MartinK said:

Do I understand it correctly, that once you installed ESMC, client computers (i.e. computer not with installed ESMC, but with AGENT + Endpoint) is blocking access to internet? If so, could you check configuration of related protection in endpoint? Are you using policy that are supposed to block "unknown" internet traffic?

Its not blocking internet, just console (SSL)

Link to comment
Share on other sites

  • ESET Staff
6 hours ago, Pinni3 said:

Its not blocking internet, just console (SSL)

O, in that case checking with different browser could provide more details. In case ESMC appliance is newly deployed (new installation or migration of older ERA), new SSL certificate has been generated for console. It is possible that certificate is not signed for used IP address used in example, and also certificate will be self-signed, so it has to be explicitly accepted. I am not sure why this possibility has not been offered by this browser ...

Also in case custom SSL certificate for console has been used in older appliance, it has to be migrated manually.

Link to comment
Share on other sites

  • 1 month later...
  • ESET Staff

Manual migration means that you have to copy old certificate to new appliance, and modify Apache Tomcat's configuration file located in /etc/tomcat/server.xml.

In this configuration file, you will find section like this:

    <Connector port="8443"
               protocol="HTTP/1.1"
               SSLEnabled="true"
               maxThreads="150"
               scheme="https"
               secure="true"
               clientAuth="false"
               sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
               ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                        TLS_RSA_WITH_AES_128_CBC_SHA256,
                        TLS_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_RSA_WITH_AES_128_CBC_SHA,
                        TLS_RSA_WITH_AES_256_CBC_SHA256,
                        TLS_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_RSA_WITH_AES_256_CBC_SHA"
               keystoreFile="/etc/tomcat/.keystore"
               keystorePass="O1XFm2l6aW0xb1nTzWzSzQIpCdxHh2OO"
               keyAlias="tomcat"
               />

where parameters:

               keystoreFile="/etc/tomcat/.keystore"
               keystorePass="O1XFm2l6aW0xb1nTzWzSzQIpCdxHh2OO"
               keyAlias="tomcat"

are related to SSL certificate configuration -> those settings has to be transferred to new appliance.

So you actually have to:

  1. copy file keystoreFile (in my case /etc/tomcat/.keystore) from old appliance to new. It is easiest to just replace file, i.e. use the same name in both old and new appliances
  2. modify /etc/tomcat/server.xml in new appliance to use migrated SSL certificate. In case you used the same path to copied file, you just have to set value keystorePass to password used in old appliance. Also keyAlias has to be the same after migration.
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...