[KB8515] Enable the OpenSSL 3.x support for ESET PROTECT On-Prem for Linux

Issue

• Enable OpenSSL 3.x support for ESET PROTECT On-Prem for Linux
• Certificate error for agents using older operating systems
• Upgrade OpenSSL 1.1.1 to OpenSSL 3.x
• See more information on Advanced Security settings

Solution

Certificate error for agents using older operating systems

You receive the following error after OpenSSL 3.x, the ESET PROTECT Server and ESET PROTECT On-Prem have been installed:

1. Open ESET PROTECT On-Prem and log in.

2. Click More → Settings, expand Connection, disable the toggle next to Advanced security and restart the server service.

   

3. Create Certificate Authority and Peer Certificate.

4. Click More → Settings, expand Connection, enable the toggle next to Advanced security and restart the server service. 

   

5. Select the new certificate when generating installers or deploying agents using the agent deployment task.

   Using certificates with disabled settings

   We do not recommend using certificates created when Advanced security is disabled, as security may be compromised.

6. Create a new agent policy to distribute the new certificates to clients on an older operating system.

Upgrade OpenSSL 1.1.1 to OpenSSL 3.x 

Existing ESET PROTECT On-Prem environments that use OpenSSL 1.1.1 can upgrade to OpenSSL 3.x.

1. Install OpenSSL 3.x on the server.
   
   
2. Rerun the server installation command to link to the OpenSSL 3 libraries.
   
   
3. Create Certificate Authority and Peer Certificate. The new certificates will facilitate the OpenSSL 3.x algorithms.
   
   
4. Create a new agent policy to distribute the new certificates to eligible clients. The original certificates are still available and can connect older devices that do not recognize the new CA.