[KB5695] Set an ESET Remote Administrator Web Console running on Linux to use HTTPS (6.x)

Solution

End of support for version 6.4 and 6.5 of ESET Remote Administrator / MDM

ESET Remote Administrator version 6.5 is currently in Limited Support status and will soon be in Basic Support status. It is expected to reach End of Life status in December 2020.

ESET Remote Administrator version 6.4 is currently in End of Life status and no longer available for download.

The MDM functionality in ESET Remote Administrator version 6 is currently in End of Life status and no longer available for download

Be careful to change the service name

  • This solution is for apt based distributions like Ubuntu. For the other distributions like Fedora you have to change the service name tomcat7 to tomcat .
  • On the ERA Virtual Appliance the server.xml file is located at /etc/tomcat/server.xml

Click here for instructions to use a signed certificate.

  1. Run the following command:

    sudo keytool -genkey -alias tomcat -keyalg RSA -keystore/etc/ssl/certs/java/era_web_console.keystore -storepass password -validity 3650 -keysize 4096
  2. Open the file sudo nano /var/lib/tomcat7/conf/server.xml.
  3. Search or scroll until you find<Connector port="8443"> and edit the area for connector port as follows:

    <Connector port="8443" protocol="HTTP/1.1"
    SSLEnabled="true"
    maxThreads="150"
    scheme="https"
    secure="true"
    keystoreFile="/etc/ssl/certs/java/era_web_console.keystore"keystorePass="password"
    keyAlias="tomcat"
    clientAuth="false"
    sslProtocol="TLS"
    />

Use a signed certificate

  1. Purchase a certificatefrom one of the certifying authorities for your ESET Remote Administrator (ERA) address.
  2. Copy the certificateto your Ubuntu server, preferably as a .pfx file.
  3. Determine the alias of the .pfx file by running the following command:

    keytool –list –storetype pkcs12 –keystore keyfilename.pfx –v | grep Alias

    Password required

    This command will prompt you for thepassword you used tocreate the certificate.

  4. Convert the .pfx file to .jks using the following command:

    keytool –importkeystore –srckeystore keyfilename.pfx –srcstoretype pkcs12 –destkeystore keyfilename.jks –deststoretype jks

    Password required

    This command will prompt you for thepassword you used tocreate the certificate. It will also prompt you to create a password for the newly convertedkeystore(.jks) file.

  5. Edit the configuration file to use the new .jks file, using the following command:

    sudo nano /var/lib/tomcat7/conf/server.xml

    Find the section that says <Connector port="8443"> and edit the section to look like this:

    <Connector port="8443"
    protocol="HTTP/1.1"
    SSLEnabled="true"
    maxThreads="150"
    scheme="https"
    secure="true"
    keystoreFile="location of the newly created .jks file, for example /home/user/keyfilename.pfx"
    keystorePass="password"
    keyAlias="use the alias you determined in the previous step"
    clientAuth="false"
    sslProtocol="TLS"
    />

  6. Restart Tomcat using the following command:

    sudo service tomcat7 restart
Languages
Last Updated: Oct 15, 2019

Additional resources

User Guides

ESET Forum

YouTube videos

Need further assistance?

Contact ESET Technical Support

More Information

Support News
Customer Advisories