SSL/TLS Protocol Filtering Issues

[mcrouse 1]

Are there any known issues related to the way ESET handles protocol filtering.  In the midst of applying some policy changes, I disabled and then re-enabled SSL/TLS protocol filtering.  After this was done,  I began seeing widespread issues with clients not being able to connect to sites and services that they were previously able to access.  I traced the issue to the protocol filtering which I now have disabled for the time being.  For reference, I am on ERA server version 6.5.522 and the clients are on version 6.5.2118.    Thanks!

[Marcos 5,074]

You must close the browser and then disable SSL filtering, click OK and then re-enable it so that a root certificate is generated and added to known browsers and the system trusted root CA certificate store too.

We strongly recommend upgrading Endpoint to the latest version 7.2 as well as ERA to ESMC 7.1.

[mcrouse 1]

Thank you for the quick reply.   I'm in the process of upgrading both the server and client to the latest version.  Would that resolve the issue without going through the steps you described?

[Marcos 5,074]

If adding the root certificate fails, we will attempt to add it the next time the system starts. Until then, there will be issues with SSL websites because of the missing root certificate and SSL filtering enabled.

[itman 1,659]

It also depends what browser you are using.

IE11 and Edge use the Win root CA store. As such, there should be no issues with those.

Firefox in most recent versions is supposed to default to using the Win root CA store if Eset's root CA cert. is not present in the Authorities cert. store. If this is not the case, refer to the following.

Chrome is the only browser that requires Eset's root CA store to be imported into their corresponding root CA cert. store. That can be accomplished by:

1. Using certmgr.msc, export Eset's root cert. from the Win root CA cert. store.

2. Using Eset GUI to access it's root CA certificate as shown below: