ESMC SSL Connection


Hello. It looks like our ESMC installation was set up without using SSL, so whenever I go to our ESMC portal, I get a warning that the connection is not secure. I found this KB article that states to download and reinstall ESMC Web Console using the All-in-one installer in order to generate the secure cert. It says to download the version of the All-in-one installer that matches your ESMC Server version. I am running v7.2.1278.0 of ESMC Server and v7.2.230.0 of the Web Console. When I go to the download page, I only see v7.2.11.1 of the All-in-one installer. Is this the version that I need or is there an updated All-in-one installer somewhere?


Ok, thanks for the clarification. I went ahead and uninstalled Tomcat, like the KB said to do, and I then installed ESET Security Management Center Webconsole. I did not check the option for "Add Custom HTTPS certificate" because the instructions said that the secure connection certificate will be automatically generated during the installation. Once the install was finished, I launched the ESMC portal again, but it still shows as insecure. Did I skip a step? I believe I followed the instructions so I'm not sure why it is still showing insecure. Thanks for any help.


  • ESET Staff

In case you chose to use the generated certificate, the most probable reason for the insecurity of the certificate is that it is self-signed, i.e. it is not trusted by your browser, which by default trusts only certificates signed/provided by specific third-party vendors.

Technically you have two possibilities:

  • configure the browser so that it will consider the generated certificate as trusted - via an exclusion or similar mechanisms
  • order and configure the console to use proper certificates. It might be a certificate issued by a third-party vendor, your company certification authority, or possibly also a certificate from the Let's Encrypt organization (https://letsencrypt.org/).

Ok, just to clarify, the KB article states that the solution for the insecure message is to reinstall ESMC Web Console.  I was under the impression that if I did this and opted to have the installer generate a certificate automatically (which I did), it would fix the issue.  You're telling me that the article is wrong and additional steps are needed?  See highlights below.

Reinstall the ESMC Web Console using the All-in-one installer

You can reinstall the ESMC Web Console using the All-in-one installer to automatically generate the secure connection (https) certificate. Follow the steps below:

  1. Make sure Apache Tomcat is not used by any other application than ESMC Web Console.
  2. Uninstall Apache Tomcat. This step also uninstalls the ESMC Web Console.
  3. Download the ESMC All-in-one-installer - use the same version as your ESMC Server:
    - version 7.0 32-bit
    - version 7.0 64-bit
    - version 7.1
  4. Run the ESMC All-in-one-installer. Select Install → Accept the EULA → select the component to install: ESET Security Management Center Webconsole. The secure connection certificate will be automatically generated during the installation.

  • Administrators

As it's been already mentioned, it's a self-signed certificate for https connections that is generated during installation. If you want to use the self-signed certificate and not one issued by a 3rd party trusted certification authority, you will need to make an exception in the browser:


Ok, I guess I misunderstood the article because I thought by reinstalling ESMC Web Console it would eliminate the SSL connection error, but that doesn't seem to be the case.  As it's been said, the portal will still show that it's not secure unless I use a 3rd party authority.


  • ESET Staff
1 hour ago, T3chGuy007 said:

Ok, I guess I misunderstood the article because I thought by reinstalling ESMC Web Console it would eliminate the SSL connection error, but that doesn't seem to be the case.  As it's been said, the portal will still show that it's not secure unless I use a 3rd party authority.

Yes, it seems to be confusing, as there are two different levels of insecurity:

  • The article helps you to enable TLS for the console, i.e. it helps in case only HTTP was used to access the console, which is obviously not secure and you probably even get a warning in modern browsers
  • The article does not help with the "quality" of the certificate itself, where TLS will be used to secure the channel, but there are a few risks, one of them being that such a certificate might have been generated by anyone...
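
The distinction drawn in the replies above (a self-signed certificate gives an encrypted channel but is not trusted until it is explicitly accepted), shown with OpenSSL as an added example that is not part of the original thread or of ESET's tooling. The certificate is a constructed throwaway, the host name `esmc.example.internal` is hypothetical, and `openssl verify` stands in for the browser's trust decision.

```bash
#!/usr/bin/env bash
# Added example. The certificate is a constructed throwaway and the host
# name is hypothetical; nothing here comes from a real ESMC installation.
workdir=$(mktemp -d)
cert="$workdir/cert.pem"
host="esmc.example.internal"   # hypothetical console host name

# Create a self-signed certificate, the kind an installer generates for itself.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$host" \
    -keyout "$workdir/key.pem" -out "$cert" 2>/dev/null
}

# Self-signed in the usual sense: subject and issuer are the same name.
is_self_signed() {
  local subject issuer
  subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
  issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
  [ -n "$subject" ] && [ "$subject" = "$issuer" ]
}

# Default trust: only the CAs already in the system store count.
trusted_by_default() {
  openssl verify "$1" >/dev/null 2>&1
}

# Explicit trust: the certificate itself is named as a trust anchor,
# which is what a browser exception or an imported certificate does.
trusted_when_pinned() {
  openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

if make_self_signed; then
  is_self_signed "$cert" && echo "self-signed: yes"
  trusted_by_default "$cert" || echo "default trust store: rejected"
  trusted_when_pinned "$cert" && echo "explicitly trusted: accepted"
fi
```

The same `is_self_signed` check can be pointed at a certificate file exported from the console to confirm which of the two cases applies.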