Expiring Certificate - reporting and replacement

ESMC is able to notify you about a Certificate or a Certification Authority that is going to expire. There are pre-defined Notifications for both ESMC Certificate and ESMC Certification Authority in the Notifications tab.

To activate this feature, click Edit Notification and specify details in the Distribution section, such as email address or SNMP trap. Each user is able to see notifications only for those certificates which are in their home group (given the user has assigned Read permissions for Certificates).

details_hoverNOTE

Make sure you have configured SMTP connection settings in Server settings first. Once done, you can edit notification to add Distribution email address.

If a computer has a certificate that is about to expire, its status information will automatically change. The status will be reported to Dashboard, Computers list, Status Overview and Certificate tab:

cert_expire

To replace an expiring Certification Authority or Certificate, follow these steps:

1.Create new Certification Authority with a new validity period (if the old one is going to expire), ideally setting it to be valid immediately.

2.Create a new Peer Certificates for ESMC Server and other components (Agent/MDM) within the validity period of your new Certification Authority.

3.Create policies to set new Peer Certificates. Apply the policies to ESMC components, MDM and to ESET Management Agent on all client computers in your network.

4.Wait until the new Certification Authority and Peer Certificates are applied and the clients were replicated.

details_hoverNOTE

Ideally, wait 24 hours or check if all of your ESMC components (Agents) have replicated at least twice.

5.Replace Server certificate in ESMC Server Settings so that clients are able to authenticate using their new Peer Certificates.

6.Once you have completed all the steps above, every client is connecting to ESMC and all is working as expected, revoke old Peer Certificates and delete the old Certification Authority.