Jump to content

Separate certificate for web console


Go to solution Solved by MartinK,

Recommended Posts

Hello,

 

I installed the ERA and I am trying to configure it so that it's reasonably accessible.

 

It's completely fine to have agent and server certificates signed by a private CA specific to the ERA installtion. In fact, given the restrictions on certificates issued by commectial CAs it may turn out I would not be even able to obtain certificates that would allow agent installation.

 

The problem is that accessing the console does not work easily without a certificate signed by a well known authority. So what I need is an option to import certificate for remote console access which is separate from the certificates used to authenticate the server and the agents.

 

Unfortunately, I do not see this option in the ERA certificate management.

 

Edit: it is possible to set certificate just for the Tomcat server using Java certificate tool without accessing the console web interface at all. This does not seem to hinder the server operation and allows using  certificate issued by well-known CA for the console so browsers can access it easily. The certificate will be probably overwritten next time new server certificate is installed.

Edited by uvtms
Link to comment
Share on other sites

  • ESET Staff
  • Solution

Hello,

as you already noticed, certificate used for Webconsole is unrelated to other ERA certificates managed through administration section.
Once you modify Tomcat configuration to your needs (see: hxxp://support.eset.com/kb3724/, https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Installing_a_Certificate_from_a_Certificate_Authority), it won't be affected by ERA upgrade nor any other operation performed by ERA. Even manual upgrade of Apache Tomcat installation should preserve configuration.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...