Project

General

Custom queries

Profile

Actions

Bug #26234

closed

Troubleshooting ESET software modifying certifactes by replacing issuers

Added by Elaad FURREEDAN 2 months ago. Updated about 1 month ago.

Status:
Released
Priority:
N/A
Category:
Documentation
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No

Description

Description

Some user face problems when ESET software is installed on nodes, with an error for agent run or inventory

curl: (90) SSL: public key does not match pinned public key

Seems to come from ESET Endpoint Security : https://help.eset.com/ees/9/en-US/idh_config_epfw_ssl.html
It contains a certificate checker that modifies “invalid” certificates on the fly, by replacing the issuer field with this exact string:
CN=The original certificate provided by the server is untrusted

This changes the hash of the certificate, and prevents the Rudder agent from contacting its policy server over HTTPS.

How to identify the problem

  1. On the node run
    grep POLICY_SERVER_KEY_HASH /var/rudder/cfengine-community/inputs/rudder.json@ -> you will a hash like @sha256//<hash>
    
  2. Then run
    curl -v -k --pin @sha256//<hash>@ https://<policy-server-hostname-or-ip>
  3. In the output, check the issuer line if it contains this following line, then it is linked to ESET software
    CN=The original certificate provided by the server is untrusted
    

How to fix

It seems possible to add the root server’s certificate to the EDR configuration and explicitly allow it: https://help.eset.com/ees/9/en-US/idh_config_epfw_ssl_known.html

Actions #1

Updated by Elaad FURREEDAN 2 months ago

  • Status changed from New to In progress
Actions #2

Updated by Elaad FURREEDAN 2 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Elaad FURREEDAN to Alexis Mousset
  • Pull Request set to https://github.com/Normation/rudder-doc/pull/1082
Actions #3

Updated by Anonymous 2 months ago

  • Status changed from Pending technical review to Pending release
Actions #4

Updated by Alexis Mousset about 2 months ago

  • Fix check changed from To do to Checked
Actions #5

Updated by Vincent MEMBRÉ about 1 month ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 8.1.12 and 8.2.5 which were released today.

Actions

Also available in: Atom PDF