T3chGuy007 16 Posted August 25, 2020 Share Posted August 25, 2020 Hello. It looks like our ESMC installation was setup without using SSL so whenever I go to our ESMC portal, I get a warning that the connection is not secure. I found this KB article that states to download and reinstall ESMC Web Console using the All-in-one installer in order to generate the secure cert. It says to download the version of the All-in-one installer that matches your ESMC Server version. I am running v7.2.1278.0 of ESMC Server and v7.2.230.0 of the Web Console. When I go to the download page, I only see v7.2.11.1 of the All-in-one installer. Is this the version that I need or is there an updated All-in-one installer somewhere? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,698 Posted August 25, 2020 Administrators Share Posted August 25, 2020 V7.2.11.1 is the latest version of ESMC. Its components have different versions as you can read here: https://support.eset.com/en/kb3690 Link to comment Share on other sites More sharing options...
T3chGuy007 16 Posted August 25, 2020 Author Share Posted August 25, 2020 Ok, thanks for the clarification. I went ahead and uninstalled Tomcat, like the KB said to do, and I then installed ESET Security Management Center Webconsole. I did not check the option for "Add Custom HTTPS certificate" because the instructions said that the secure connection certificate will be automatically generated during the installation. Once the install was finished, I launched the ESMC portal again, but it still shows as insecure. Did I skip a step? I believe I followed the instructions so I'm not sure why it is still showing insecure. Thanks for the any help. Link to comment Share on other sites More sharing options...
ESET Staff MartinK 375 Posted August 25, 2020 ESET Staff Share Posted August 25, 2020 In case you chose to use generated certificate, most probable reason for insecurity of certificate is that it is self-signed, i.e. that it is not trusted by your browser, which by default trusts only certificates signed/provided by specific third-party vendors. Technically you have two possibilities: configure browser that it will consider generated certificate as trusted - via exclusion or similar mechanisms order and configure console to use proper certificates. It might be certificate issues by third-party vendor, your company certification authority or possibly also certificate from Lets Encrypt organization (https://letsencrypt.org/). Link to comment Share on other sites More sharing options...
T3chGuy007 16 Posted August 25, 2020 Author Share Posted August 25, 2020 Ok, just to clarify, the KB article states that the solution for the insecure message is to reinstall ESMC Web Console. I was under the impression that if I did this and opted to have the installer generate a certificate automatically (which I did), it would fix the issue. You're telling me that the article is wrong and additional steps are needed? See highlights below. Reinstall the ESMC Web Console using the All-in-one installer You can reinstall the ESMC Web Console using the All-in-one installer to automatically generate the secure connection (https) certificate. Follow the steps below: Make sure Apache Tomcat is not used by any other application than ESMC Web Console. Uninstall Apache Tomcat. This step unistalls also the ESMC Web Console. Download the ESMC All-in-one-installer - use the same version as your ESMC Server: - version 7.0 32-bit - version 7.0 64-bit - version 7.1 Run the ESMC All-in-one-installer. Select Install → Accept the EULA → select the component to install: ESET Security Management Center Webconsole. The secure connection certificate will be automatically generated during the installation. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,698 Posted August 26, 2020 Administrators Share Posted August 26, 2020 As it's been already mentioned, it's a self-signed certificate for https connections that is generated during installation. If you want to use the self-signed certificate and not one issued by a 3rd party trusted certification authority, you will need to make an exception in the browser: Link to comment Share on other sites More sharing options...
T3chGuy007 16 Posted August 26, 2020 Author Share Posted August 26, 2020 Ok, I guess I misunderstood the article because I thought by reinstalling ESMC Web Console it would eliminate the SSL connection error, but that doesn't seem to be the case. As it's been said, the portal will still show that it's not secure unless I use a 3rd party authority. Link to comment Share on other sites More sharing options...
ESET Staff MartinK 375 Posted August 26, 2020 ESET Staff Share Posted August 26, 2020 1 hour ago, T3chGuy007 said: Ok, I guess I misunderstood the article because I thought by reinstalling ESMC Web Console it would eliminate the SSL connection error, but that doesn't seem to be the case. As it's been said, the portal will still show that it's not secure unless I use a 3rd party authority. Yes, it seems ot be confusing, as there are two different levels of insecurity: Article helps you to enable TLS for console, i.e. it helps in case only HTTP was used to access console, which is obviously not secure and probably even you get warning in modern browsers Article does not help with "quality" of certificate itself, where TLS will be used to secure channel, but there are few risks, where one of them is that such certificate might have been generated by anyone... Link to comment Share on other sites More sharing options...
Recommended Posts