[KB8515] Enable the OpenSSL 3.x support for ESET PROTECT On-Prem

Issue

Solution

Advanced security is enabled by default in ESET PROTECT On-Prem 13
  • Certificates and certification authorities use SHA-256 (instead of SHA-1).
  • The ESET PROTECT Server uses the highest possible security (TLS 1.3 or 1.2) for communication with agents and for Syslog and SMTP communication.
  • See more information on Advanced Security settings.

Certificate error for agents using earlier operating systems

You receive the following error when deploying agents on computers running older operating systems: Provided certificate is not valid PFX certificate or password does not match.

  1. Open ESET PROTECT On-Prem and log in.

  2. Click More > Settings, expand Connection, disable the toggle next to Advanced security and restart the server service.

  3. Create a Certificate Authority and a Peer Certificate.

  4. Click More > Settings, expand Connection, enable the toggle next to Advanced security and restart the server service.

  5. Select the new certificate when generating installers or deploying agents using the agent deployment task.

    Using certificates with disabled settings

    We do not recommend using certificates created when Advanced security is disabled, as security may be compromised.

  6. Create a new agent policy to distribute the new certificates to clients on an older operating system.


Upgrade OpenSSL 1.1.1 to OpenSSL 3.x

Existing ESET PROTECT On-Prem environments that use OpenSSL 1.1.1 can upgrade to OpenSSL 3.x.

The safer way to upgrade OpenSSL is to upgrade the entire operating system.

OpenSSL is used by critical services and tools such as SSH, Apache, Nginx, system package managers, Git, curl, and many libraries and compiled applications.

Upgrading OpenSSL on its own is risky because any component that depends on the system version might break due to incompatibility.

  1. Download and build/install OpenSSL 3.x on the server.

  2. Run the ESET PROTECT Server installation command again to link to the OpenSSL 3.x libraries.

  3. Create a Certificate Authority and a Peer Certificate. The new certificates use the OpenSSL 3.x algorithms.

  4. Create a new agent policy to distribute the new certificates to eligible clients. The original certificates remain available and can be used to connect older devices that do not recognize the new CA.
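Three checks worth running after either procedure above, as an added example that is not part of the ESET article: whether a generated CA or peer certificate is really signed with a SHA-2 digest rather than SHA-1, whether an exported PFX uses the OpenSSL 3.x PKCS#12 defaults (PBES2 with AES-256-CBC and a SHA-256 MAC) or the OpenSSL 1.1.1 defaults (RC2/3DES PBE with a SHA-1 MAC), and which libssl the server binary is linked against. It assumes the openssl and ldd CLIs are installed on the ESET PROTECT Server host; the file paths passed in are placeholders chosen by the reader.

```shell
#!/bin/sh
# Verification helpers added for this article; not ESET's own tooling.
# Assumes: openssl and ldd are on PATH; paths passed as arguments are placeholders.

# Pure check: is a certificate signature algorithm name from the SHA-2 family?
# "sha256WithRSAEncryption" -> returns 0 (yes); "sha1WithRSAEncryption" -> returns 1 (no)
sig_alg_is_sha2() {
    case "$1" in
        sha256*|sha384*|sha512*) return 0 ;;
        ecdsa-with-SHA256|ecdsa-with-SHA384|ecdsa-with-SHA512) return 0 ;;
        *) return 1 ;;
    esac
}

# Signature algorithm of a PEM certificate (CA or peer); first occurrence in the dump.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Pure check on `openssl pkcs12 -info` output: does the PFX use the OpenSSL 3.x
# defaults (AES-256-CBC content encryption, SHA-256 MAC) instead of the legacy
# 1.1.1 encoding (RC2-40 / 3DES PBE, SHA-1 MAC)?
pfx_info_is_modern() {
    printf '%s\n' "$1" | grep -q 'AES-256-CBC' &&
    printf '%s\n' "$1" | grep -q 'MAC: sha256'
}

# Dump the PKCS#12 algorithm summary of a PFX file; openssl writes it to stderr.
# Usage: pfx_info /path/to/agent.pfx 'pfx-password'
pfx_info() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -info -noout 2>&1
}

# Which libssl a dynamically linked binary resolves to: prints "3", "1.1", ...
# Empty output means no dynamic libssl was found (static link or ldd unavailable).
linked_libssl_version() {
    ldd "$1" 2>/dev/null | sed -n 's/.*libssl\.so\.\([0-9][0-9.]*\).*/\1/p' | head -n 1
}
```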