[KB5695] Set an ESET Remote Administrator Web Console running on Linux to use HTTPS (6.x)

Solution

ESET business product no longer supported

This article applies to an ESET product version that is currently in End of Life status and is no longer supported. The content in this article is no longer updated. 

For a complete list of supported products and support level definitions, review the ESET End of Life policy for business products.

Upgrade ESET business products.

Change the service name

  • This solution is for apt-based distributions such as Ubuntu. For other distributions such as Fedora, change the service name tomcat7 to tomcat.
  • On the ERA Virtual Appliance the server.xml file is located at /etc/tomcat/server.xml

For instructions to use a signed certificate, see the "Use a signed certificate" section below.

  1. Run the following command:

    sudo keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/ssl/certs/java/era_web_console.keystore -storepass password -validity 3650 -keysize 4096
     
  2. Open the server.xml file in an editor: sudo nano /var/lib/tomcat7/conf/server.xml
     
  3. Search or scroll until you find the <Connector element and edit the area for the connector port as follows:

    SSLEnabled="true"
    maxThreads="150"
    scheme="https"
    secure="true"
    keystoreFile="/etc/ssl/certs/java/era_web_console.keystore"
    keystorePass="password"
    keyAlias="tomcat"
    clientAuth="false"
    sslProtocol="TLS"
    />

Use a signed certificate

  1. Purchase a certificate from one of the certifying authorities for your ESET Remote Administrator (ERA) address. 
     
  2. Copy the certificate to your Ubuntu server, preferably as a .pfx file.
     
  3. Determine the alias of the .pfx file by running the following command:

    keytool -list -storetype pkcs12 -keystore keyfilename.pfx -v | grep Alias

    Password required

    This command will prompt you for the password you used to create the certificate.

  4. Convert the .pfx file to .jks using the following command: 

    keytool -importkeystore -srckeystore keyfilename.pfx -srcstoretype pkcs12 -destkeystore keyfilename.jks -deststoretype jks

    Password required

    This command will prompt you for the password you used to create the certificate. It will also prompt you to create a password for the newly converted keystore (.jks) file.

  5. Edit the configuration file to use the new .jks file, using the following command: 

    sudo nano /var/lib/tomcat7/conf/server.xml

    Find the section that says <Connector and edit the section to look like this:

    protocol="HTTP/1.1"
    SSLEnabled="true"
    maxThreads="150"
    scheme="https"
    secure="true"
    keystoreFile="location of the newly created .jks file, for example /home/user/keyfilename.jks"
    keystorePass="password"
    keyAlias="use the alias you determined in the previous step"
    clientAuth="false"
    sslProtocol="TLS"
    />

  6. Restart Tomcat using the following command:

    sudo service tomcat7 restart
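
A check for the Connector edits in both procedures above, added here as an example (not ESET's or Tomcat's own tooling): it parses a server.xml and reports an HTTPS connector that is not well-formed XML, lacks the keystore attributes, still carries a placeholder password, or points at a .pfx file without Tomcat's keystoreType attribute (which defaults to JKS and does not appear in the article). The sample file, port 8443, the function name and the placeholder list are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Assumption for this example: values treated as leftover placeholders.
PLACEHOLDER_PASSWORDS = {"password", "changeit"}
EXPECTED = {"scheme": "https", "secure": "true"}
KEYSTORE_ATTRS = ("keystoreFile", "keystorePass", "keyAlias")

# Constructed sample, not a real server.xml; port 8443 is an assumed value.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
             scheme="https" secure="true"
             keystoreFile="/home/user/keyfilename.pfx" keystorePass="password"
             keyAlias="tomcat" clientAuth="false" sslProtocol="TLS" />
</Service></Server>"""

def lint_https_connectors(server_xml_text):
    """Return findings for every SSL-enabled <Connector> in a server.xml string."""
    try:
        root = ET.fromstring(server_xml_text)
    except ET.ParseError as exc:  # e.g. an attribute value missing its closing quote
        return [f"server.xml is not well-formed: {exc}"]
    connectors = [c for c in root.iter("Connector")
                  if c.get("SSLEnabled", "").lower() == "true"]
    if not connectors:
        return ['no Connector with SSLEnabled="true" found']
    findings = []
    for c in connectors:
        port = c.get("port", "?")
        for name, want in EXPECTED.items():
            if c.get(name, "").lower() != want:
                findings.append(f'port {port}: {name} should be "{want}"')
        for name in KEYSTORE_ATTRS:
            if not c.get(name):
                findings.append(f"port {port}: {name} is missing or empty")
        password = c.get("keystorePass")
        if password and password.lower() in PLACEHOLDER_PASSWORDS:
            findings.append(f"port {port}: keystorePass is a placeholder value")
        keystore = c.get("keystoreFile", "").lower()
        if keystore.endswith((".pfx", ".p12")) and not c.get("keystoreType"):
            # Tomcat reads the keystore as JKS unless keystoreType says otherwise.
            findings.append(f"port {port}: keystoreFile is PKCS12 but keystoreType is not set")
    return findings

if __name__ == "__main__":
    for finding in lint_https_connectors(SAMPLE):
        print(finding)
```

Run it against a copy of the edited server.xml before restarting Tomcat; an empty result means none of these checks fired.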