[KB8641] Unable to log in to ESET PROTECT Web Console after migrating to a new Virtual Appliance (Rocky Linux)

Issue

  • You are unable to log in to the ESET PROTECT Web Console after the migration from ESET PROTECT Virtual Appliance (CentOS) to ESET PROTECT Virtual Appliance (Rocky Linux) 

Details


Click to expand

It has been reported that users are unable to log in to the ESET PROTECT Web Console after they migrated from an old ESET PROTECT Virtual Appliance (CentOS) to a new ESET PROTECT Virtual Appliance (Rocky Linux) that still uses certificates issued by SHA1 Certificate Authority (CA). 

This is caused by the blocked communication of the Apache Tomcat/ESET PROTECT Web Console with the ESET PROTECT Server service, indicated by the "Login failed: Communication error" message.


Solution

If you migrate to a new ESET PROTECT Virtual Appliance, you cannot log in to the ESET PROTECT Web Console until a new SHA2 certificate is issued. However, this is not possible until the security of the whole operating system is decreased by allowing SHA1.

  1. To allow SHA1 on the new ESET PROTECT Virtual Appliance, run the following command and then restart the operating system.

    update-crypto-policies --set DEFAULT:SHA1
  2. Log in to your ESET PROTECT Web Console.

  3. Enable Advanced security and restart the ESET PROTECT Server service. Create a new SHA2 CA and sign a server certificate with the new SHA2 CA.

  4. Wait until the public part of the newly created SHA2 CA is replicated to all ESET Management Agents and then change the Server certificate to a new SHA2 Server certificate.

  5. To disable SHA1 and return to the previous cryptographic policy, run the following command:

    update-crypto-policies --set DEFAULT
  6. Restart the operating system.
You should now be able to log in to the ESET PROTECT Web Console on the migrated ESET PROTECT Virtual Appliance.