Mobile Device Connector install in Linux

[Kjetil 0]

Hi,

I want to run the installation script mdmcore-linux-x86_64.sh on my server, but have no clue what to set for the "--https-cert-path" option ?

I can understand from the thread https://forum.eset.com/topic/5814-mdm-webserver-does-not-use-full-cert-chain/ that the agent cert found in the Security Management Center can be used, but how do I specify the path to that ?

 

 

[MartinK 376]

Have you checked documentation for MDMCore installation on linux? Certificate can be created in EMMC or your own can be used.

[Kjetil 0]

I have read the documentation in the link. I says that for "Server assisted installation", the installer will download required certificates automatically. I can see in ESMC under "Peer certificates" that there is an "agent certificate for server assisted installation". Still, I need to know the path for this in order to provide the installation command parameters. So, how do I find --https-cert-path= to the "agent certificate for server assisted installation" ?

[Kjetil 0]

If others have the same problem, I found out how:

1. Log in to ESMC

2. Choose "More->Peer certificates"

3. Left click on "agent certificate for server assisted installation" and "Export"

4. Copy the cert to a location on the server, and rename it, like /etc/ssl/certs/agentcertcopy.pfx

5. use that path in the script: --https-cert-path="/etc/ssl/certs/agentcertcopy.pfx"

[Mirek S. 18]

Hello

--https-cert-path is not Agent certificate but certificate used to communicate with devices.

Agent certificate does not have valid properties for this interface.

You can create valid https interface certificate in ESMC certificates when You select MDM product.

HTH

[Kjetil 0]

Ah, Thanks for the clarification. I have replaced the peer certificate I downloaded from ESMC with a new pfx certificate from Letsencrypt.com. 

The mdmcore-linux-x86_64.sh script completes without errors. If I go to https://"myserver":9980 I get the message "MDC Server up and running!"

Still I can not select any Mobile Device connector in ESMC ? It's like if the ESMC and the MDM is not connected with eachother.

In the trace.log, I find the output below. Any idéa how to troubleshoot this ?

Quote

 

Configuration: Cannot parse APNS cert, iOS enrollment and push notifications will not work
2019-02-21 09:01:01 E [140378738026240] ModSslCertTools: P12 verification failed with error: unable to get local issuer certificate
2019-02-21 09:01:01 W [140378738026240] MultiAgentOverloadReporter: Reporting OK, with 0 out of 200 last connections unsuccessful.
2019-02-21 09:01:01 I [140378738026240] Logging to directory /var/log/eset/RemoteAdministrator/MDMCore/Proxy/
2019-02-21 09:01:06 W [140378430752512] Module Update: Perform Update: ignore module update, no license.
2019-02-21 09:01:11 S [140378413967104] Status:
 Version: 7.0.520.0
 AdminConnector: Connected: false
 CertManager: no change in progress
 AgentConnector: Attempted connections: 0 Completed connections: 0 Clean disconnections: 0
 AgentManager: Total active agents: 0 Agents rotated since last report: 0
 AsioTcpInstance.Count: 0
 HTTP (enrollment): Attempted connections: 0
 HTTP (mdm): Attempted connections: 0

2019-02-21 09:01:21 W [140378447537920] Configuration: APNS Certificate was empty.
2019-02-21 09:02:01 E [140378558600960] ConnectionPool: No module is subscribed for message EventLog_QOS_DATABASE_EVENT (10107)
2019-02-21 09:06:12 E [140377885488896] AdminConnector: Unable to send message(s), Pending: 4 Reason: Not connected

 

Edited February 21, 2019 by Kjetil

[Mirek S. 18]

Hello,

Part of information is sent via management Agent which must be installed on same device as MDM. I assume you did not install it as AdminConnector has pending messages.

HTH