jimwillsher 64 Posted April 14, 2021 Share Posted April 14, 2021 Hello I need to access some remote Dell iDRAC consoles (remote access consoles). The certificates are self-signed by the iDRAC. I can access the iDRAC itself with no problem, it all works well, although I do get browser warnings about the site not being secure. However if I try to access the Virtual Console I get a few popups and then a connection closed message. Viewing the (invalid) certificate shows ISSUED TO as the iDRAC name and ISSUED BY as ESET. If I Disable "Enable SSL/TLS protocol filtering" under Web and Email is the ESET client, I can connect successfully. In this case both ISSUED TO and ISSUED BY show the iDRAC name. What might be the best way to resolve this, aside from completely disabling SSL protocol filtering? I am using 8.0.2028.0 on Win10. Many thanks, Jim Link to comment Share on other sites More sharing options...
Administrators Marcos 3,983 Posted April 14, 2021 Administrators Share Posted April 14, 2021 Have you tried excluding the appropriate IP address from SSL filtering? You can also temporarily switch SSL filtering to interactive mode and select to ignore the certificate when asked. Link to comment Share on other sites More sharing options...
jimwillsher 64 Posted April 16, 2021 Author Share Posted April 16, 2021 Thanks Marcos. I couldn't find a setting to exclude from SSL filtering, only Protocol Filtering, which I guess has a wider scope than just SSL? Adding the IP address in there does indeed make the problem go away. Would you envisage this being a short-term workaround or a long-term solution? Many thanks Jim Link to comment Share on other sites More sharing options...
Administrators Marcos 3,983 Posted April 16, 2021 Administrators Share Posted April 16, 2021 The question is if it doesn't work for security reasons when the application refuses to communicate if the certificate is issued by an unexpected issuer or if there's an issue with filtering the SSL communication. I'd recommend generating 2 sets of logs: 1, - with SSL filtering enabled and no IP exclusion in place - enable advanced network protection + protocol filtering logging under tools -> diagnostics - reproduce the issue - disable logging - collect logs with ESET Log Collector 2, - with SSL filtering disabled - enable advanced network protection logging under tools -> diagnostics - try to reproduce the issue (it should work now) - disable logging - collect logs with ESET Log Collector When done, upload both archives here. Link to comment Share on other sites More sharing options...
jimwillsher 64 Posted April 16, 2021 Author Share Posted April 16, 2021 Hi Marcos, I now have both log files but they are 55MB and 56 MB so can't post here. I collected logs for just today. Link to comment Share on other sites More sharing options...
Administrators Marcos 3,983 Posted April 16, 2021 Administrators Share Posted April 16, 2021 You can upload them to OneDrive, Dropbox,etc. and drop me a personal mesage with a download link. Link to comment Share on other sites More sharing options...
Administrators Solution Marcos 3,983 Posted April 18, 2021 Administrators Solution Share Posted April 18, 2021 Please add this CA to the trusted root CA certificate store to establish trust: Link to comment Share on other sites More sharing options...
jimwillsher 64 Posted April 19, 2021 Author Share Posted April 19, 2021 Many thanks Marcos Link to comment Share on other sites More sharing options...
Recommended Posts