Jump to content

SSL/TLS Protocol Filtering Issues


mcrouse
 Share

Recommended Posts

Are there any known issues related to the way ESET handles protocol filtering.  In the midst of applying some policy changes, I disabled and then re-enabled SSL/TLS protocol filtering.  After this was done,  I began seeing widespread issues with clients not being able to connect to sites and services that they were previously able to access.  I traced the issue to the protocol filtering which I now have disabled for the time being.  For reference, I am on ERA server version 6.5.522 and the clients are on version 6.5.2118.    Thanks!

Link to comment
Share on other sites

  • Administrators

You must close the browser and then disable SSL filtering, click OK and then re-enable it so that a root certificate is generated and added to known browsers and the system trusted root CA certificate store too.

We strongly recommend upgrading Endpoint to the latest version 7.2 as well as ERA to ESMC 7.1.

Link to comment
Share on other sites

Thank you for the quick reply.   I'm in the process of upgrading both the server and client to the latest version.  Would that resolve the issue without going through the steps you described?

Link to comment
Share on other sites

  • Administrators

If adding the root certificate fails, we will attempt to add it the next time the system starts. Until then, there will be issues with SSL websites because of the missing root certificate and SSL filtering enabled.

Link to comment
Share on other sites

It also depends what browser you are using.

IE11 and Edge use the Win root CA store. As such, there should be no issues with those.

Firefox in most recent versions is supposed to default to using the Win root CA store if Eset's root CA cert. is not present in the Authorities cert. store. If this is not the case, refer to the following.

Chrome is the only browser that requires Eset's root CA store to be imported into their corresponding root CA cert. store. That can be accomplished by:

1. Using certmgr.msc, export Eset's root cert. from the Win root CA cert. store.

2. Using Eset GUI to access it's root CA certificate as shown below:

Eset_Cert.thumb.png.d1705513d9d728295548eb3a3269bcf0.png

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...