[KB5695] Set an ESET Remote Administrator Web Console running on Linux to use HTTPS (6.x)

Solution

End of support for version 6.4 and 6.5 of ESET Remote Administrator / MDM

ESET Remote Administrator version 6.5 is currently in Limited Support status and will soon be in Basic Support status. It is expected to reach End of Life status in December 2020.

ESET Remote Administrator version 6.4 is currently in End of Life status and no longer available for download.

The MDM functionality in ESET Remote Administrator version 6 is currently in End of Life status and no longer available for download.

Be careful to change the service name

  • This solution is for apt-based distributions such as Ubuntu. On other distributions, such as Fedora, change the service name tomcat7 to tomcat.
  • On the ERA Virtual Appliance, the server.xml file is located at /etc/tomcat/server.xml.

For instructions to use a signed certificate, see "Use a signed certificate" below.

  1. Run the following command:

    sudo keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/ssl/certs/java/era_web_console.keystore -storepass password -validity 3650 -keysize 4096
     
  2. Open the server.xml file for editing: sudo nano /var/lib/tomcat7/conf/server.xml
     
  3. Search or scroll until you find the Connector element and edit the area for the connector port as follows:

    SSLEnabled="true"
    maxThreads="150"
    scheme="https"
    secure="true"
    keystoreFile="/etc/ssl/certs/java/era_web_console.keystore"
    keystorePass="password"
    keyAlias="tomcat"
    clientAuth="false"
    sslProtocol="TLS"
    />

Use a signed certificate

  1. Purchase a certificate from one of the certifying authorities for your ESET Remote Administrator (ERA) address. 
     
  2. Copy the certificate to your Ubuntu server, preferably as a .pfx file.
     
  3. Determine the alias of the .pfx file by running the following command:

    keytool -list -storetype pkcs12 -keystore keyfilename.pfx -v | grep Alias

    Password required

    This command will prompt you for the password you used to create the certificate.

  4. Convert the .pfx file to .jks using the following command: 

    keytool -importkeystore -srckeystore keyfilename.pfx -srcstoretype pkcs12 -destkeystore keyfilename.jks -deststoretype jks

    Password required

    This command will prompt you for the password you used to create the certificate. It will also prompt you to create a password for the newly converted keystore (.jks) file.

  5. Edit the configuration file to use the new .jks file, using the following command: 

    sudo nano /var/lib/tomcat7/conf/server.xml

    Find the Connector section and edit it to look like this:

    protocol="HTTP/1.1"
    SSLEnabled="true"
    maxThreads="150"
    scheme="https"
    secure="true"
    keystoreFile="location of the newly created .jks file, for example /home/user/keyfilename.jks"
    keystorePass="password"
    keyAlias="use the alias you determined in the previous step"
    clientAuth="false"
    sslProtocol="TLS"
    />

  6. Restart Tomcat using the following command:

    sudo service tomcat7 restart
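
The following check is an added example, not ESET's own tooling: it parses a server.xml and reports HTTPS Connector settings that would break or weaken either procedure above (the generated keystore or the converted .jks file). The sample configuration, including port 8443 and the file paths, is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the port value and file paths are placeholders, not values from the article.
SAMPLE_SERVER_XML = """\
<Server>
  <Service name="Catalina">
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               keystoreFile="/home/user/keyfilename.pfx" keystorePass="password"
               keyAlias="tomcat" clientAuth="false" sslProtocol="TLS" />
  </Service>
</Server>
"""

# "password" is the example value in the steps; "changeit" is the Java/Tomcat default.
PLACEHOLDER_PASSWORDS = {"password", "changeit", ""}


def lint_https_connectors(server_xml):
    """Return a list of findings for every SSL-enabled <Connector> in a server.xml string."""
    findings = []
    root = ET.fromstring(server_xml)
    tls = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        return ['no Connector has SSLEnabled="true"']
    for conn in tls:
        where = f"Connector port={conn.get('port', '?')}"
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append(f"{where}: scheme/secure must be https/true")
        store = conn.get("keystoreFile")
        if not store:
            findings.append(f"{where}: keystoreFile is not set")
        else:
            # Tomcat assumes a JKS keystore unless keystoreType says otherwise.
            ktype = conn.get("keystoreType", "JKS").upper()
            if store.lower().endswith((".pfx", ".p12")) and ktype != "PKCS12":
                findings.append(f"{where}: keystoreFile is PKCS#12 but keystoreType is {ktype}")
        if conn.get("keystorePass", "") in PLACEHOLDER_PASSWORDS:
            findings.append(f"{where}: keystorePass is missing or a placeholder value")
        if not conn.get("keyAlias"):
            findings.append(f"{where}: keyAlias is not set")
    return findings


if __name__ == "__main__":
    for line in lint_https_connectors(SAMPLE_SERVER_XML):
        print(line)
```

To check a live configuration, pass the contents of /var/lib/tomcat7/conf/server.xml (or /etc/tomcat/server.xml on the ERA Virtual Appliance) to lint_https_connectors before restarting Tomcat.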