Deploy SSL/TLS certificates via MDM for SSL/TLS protection
With macOS Sequoia and newer, Apple added a mandatory user dialog to enable certificate trust. Therefore, trust for ESET certificates can no longer be granted automatically.
Clean installation
1. Install ESET Endpoint Security version 9 on one of your Mac endpoints. Finish the activation process, enable SSL/TLS protection and enable certificate trust.
2. Use this endpoint to copy the three files listed below from the path /Library/Application Support/ESET/Security/cache/data
• protoscanCipherKey.bin
• protoscanRootCert.crt
• protoscanRootKey.bin
3. Place these files in a zip archive on a server that is accessible from all of your endpoints.
4. Download the script using this link: deploy_certificate_files.sh. Once it is downloaded, read through the script help. Distribute the script via the MDM of your choice with adequate parameters (for example: ./deploy_certificate_files.sh -s myserver.eset.com/certificate_deployment -u myusername -p mypassword -f files.zip). The script will attempt to connect to the server using the mount_smbfs command. If you wish to use a protocol other than SMB, modify the script in the MARK: SMB mount section.
5. After these files are copied, open the Keychain Access app on the Mac where you initially installed ESET Endpoint Security.
6. Search for ESET SSL Filter CA and export it.
7. Distribute this certificate via the MDM of your choice.
8. Finish the remaining setup steps required for remote installation of ESET Endpoint Security. For more detailed steps, visit our knowledgebase article.
9. Enable SSL settings via ESET PROTECT policy for the desired endpoints.
If you already have ESET Endpoint Security version 7 or 8 installed, follow the same steps. After running the script, deploy the certificate and then upgrade to ESET Endpoint Security version 9.
Steps to take if you already have ESET Endpoint Security version 9 installed
1. Make sure that SSL/TLS protection is disabled on the endpoints. You can do so via ESET PROTECT policy.
2. Distribute the certificate (steps 1 and 5-7 in clean installation) to the endpoints via the MDM of your choice.
3. Follow steps 1-4 from clean installation. The script from step 4 should restart the product.
4. Re-enable SSL/TLS protection via ESET PROTECT policy.
Pay close attention to any logs from the script. If anything goes wrong, manual inputs on the endpoints might be required.
On macOS Sequoia (15) or newer, when the script is deployed from ESET PROTECT, downloads that scripts make from network volumes can sometimes be blocked by the kTCCServiceSystemPolicyNetworkVolumes permission. This issue is fixed after you grant Full Disk Access to both Terminal and ESET Management Agent.