Deploy SSL/TLS certificates via MDM for SSL/TLS protection


Important

With macOS Sequoia and newer, Apple added a mandatory user dialog to enable certificate trust. Therefore, trust for ESET certificates can no longer be granted automatically.

Certificate deployment requirements

To deploy SSL/TLS certificates via MDM, you first need to set up a single device manually and enable SSL/TLS protection on it. This device acts as the base device, from which you copy and deploy the generated ESET certificate files as described below.

Clean installation of ESET Endpoint Security version 9

1. Open the Keychain Access app on the base device where you manually installed ESET Endpoint Security.

2. Search for ESET SSL Filter CA and export it.

3. Distribute this certificate via the MDM of your choice.

4. On the base device, copy the three files listed below from the path /Library/Application Support/ESET/Security/cache/data:

protoscanCipherKey.bin

protoscanRootCert.crt

protoscanRootKey.bin

5. Place these files into a zip archive on a server that is accessible from all of your endpoints.

6. Download the script using this link: deploy_certificate_files.sh. Once it is downloaded, read through the script help. Distribute the script via the MDM of your choice with adequate parameters (for example: ./deploy_certificate_files.sh -s myserver.eset.com/certificate_deployment -u myusername -p mypassword -f files.zip). The script will attempt to connect to the server using the mount_smbfs command. If you wish to use a protocol other than SMB, modify the script in the MARK: SMB mount section.

7. Finish the remaining setup steps required for remote installation of ESET Endpoint Security. For more detailed steps, visit our Knowledgebase article.

8. Enable SSL settings via an ESET PROTECT policy for the desired endpoints.


Note

If you already have ESET Endpoint Security version 7 or 8 installed, follow the same steps. After running the script, deploy the certificate and then upgrade to ESET Endpoint Security version 9.

Steps to take if you already have ESET Endpoint Security version 9 installed

1. Make sure that SSL/TLS protection is disabled on the endpoints. You can do so via an ESET PROTECT policy.

2. Follow steps 1-6 from the clean installation procedure. Once you deploy the certificate files in step 6, Web Access Protection is restarted.

3. Re-enable SSL/TLS protection via an ESET PROTECT policy.


Important

Pay close attention to any logs from the script. If anything goes wrong, manual inputs on the endpoints might be required.


Warning

When using macOS Sequoia (15) or newer, deploying the script from ESET PROTECT can fail because the system might block downloads from network volumes made by remotely deployed scripts. To prevent this issue, grant either only the kTCCServiceSystemPolicyNetworkVolumes permission or Full Disk Access to both Terminal and ESET Management Agent.