Issue
- You cannot log in to the ESET PROTECT On-Prem Web Console after migrating from an ESET PROTECT Virtual Appliance based on CentOS to a new ESET PROTECT Virtual Appliance based on Rocky Linux
- You get the "Login failed: Communication error" message in ESET PROTECT On-Prem Web Console
Details
After migrating from an ESET PROTECT Virtual Appliance based on CentOS to a new ESET PROTECT Virtual Appliance based on Rocky Linux, you see the message: "Login failed: Communication error" on the ESET PROTECT On-Prem Web Console login page.
This occurs because the ESET PROTECT Server still uses a Server certificate signed by a Certification Authority (CA) with SHA-1, which is blocked by Rocky Linux's system-wide cryptographic policy. As a result, the Web Console (Apache Tomcat) cannot establish a secure connection to the ESET PROTECT Server.
Solution
To resolve this issue, you must temporarily allow SHA-1 on the Rocky Linux appliance, log in to the ESET PROTECT On-Prem Web Console, and replace the certificates signed with SHA-1 with new ones signed using SHA-2.
- Temporarily allow SHA-1 on the Rocky Linux appliance. In the terminal, run:

      sudo update-crypto-policies --set DEFAULT:SHA1
      sudo reboot

- Enable Advanced security and restart the ESET PROTECT Server service.
- Create a new Certification Authority (CA) that signs with SHA-2.
- Create a new Server certificate and sign it with the new Certification Authority (CA).
- Wait until the public part of the new Certification Authority (CA) is replicated to all ESET Management Agents.
- Configure the ESET PROTECT Server to use the new SHA-2 Server certificate.
- Restore secure cryptographic policy on the Rocky Linux appliance. In the terminal, run:

      sudo update-crypto-policies --set DEFAULT
      sudo reboot
You should now be able to log in to the ESET PROTECT Web Console on the migrated ESET PROTECT Virtual Appliance.
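Before the last step restores the DEFAULT policy, it helps to confirm that the new CA and Server certificate really are SHA-2 signed, since a remaining SHA-1 certificate brings back the same login failure. The script below is an added example, not part of the original article or ESET's tooling; it assumes the certificates are available as PEM or DER files passed as arguments and that `openssl` is installed, and its function names are illustrative.

```shell
# Added example: confirm certificates are SHA-2 signed before re-tightening the policy.

# Map an algorithm name as printed by `openssl x509 -text` to a hash family.
# RSASSA-PSS prints its hash on a separate line, so it is reported as OTHER.
classify_sigalg() {
    name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$name" in
        *sha224*|*sha256*|*sha384*|*sha512*) echo "SHA-2" ;;
        *sha1*)                              echo "SHA-1" ;;
        *)                                   echo "OTHER" ;;
    esac
}

# Read openssl's text dump on stdin, print the first "Signature Algorithm:" value.
sigalg_from_text() {
    sed -n 's/^[[:space:]]*Signature Algorithm:[[:space:]]*//p' | head -n 1
}

# Succeeds when the `update-crypto-policies --show` string has no SHA1 subpolicy and is not LEGACY.
policy_is_strict() {
    case "$1" in *SHA1*|LEGACY*) return 1 ;; *) return 0 ;; esac
}

# Audit one certificate file (PEM, then DER). Succeeds only for SHA-2.
audit_cert() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) ||
    text=$(openssl x509 -inform DER -in "$1" -noout -text 2>/dev/null) ||
        { echo "UNREADABLE $1"; return 2; }
    alg=$(printf '%s\n' "$text" | sigalg_from_text)
    class=$(classify_sigalg "$alg")
    echo "$class $alg $1"
    [ "$class" = "SHA-2" ]
}

main() {
    rc=0
    for f in "$@"; do audit_cert "$f" || rc=1; done
    if command -v update-crypto-policies >/dev/null 2>&1; then
        policy=$(update-crypto-policies --show)
        policy_is_strict "$policy" || echo "policy $policy still allows SHA-1"
    fi
    return "$rc"
}

# Constructed excerpt of openssl text output, used for a dry run without arguments.
SAMPLE_TEXT='    Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = Constructed Legacy CA'
if [ "$#" -gt 0 ]; then main "$@"
else classify_sigalg "$(printf '%s\n' "$SAMPLE_TEXT" | sigalg_from_text)"; fi
```

Run it with the certificate files as arguments; a non-zero exit status means at least one file is unreadable or not SHA-2 signed.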