Certificates

Certificates are an important part of ESET Security Management Center, they are required for ESMC components to communicate with ESMC Server. To make sure all components can communicate correctly, all Peer Certificates need to be valid and signed by the same Certification Authority. Read more about certificates in ESMC in our Knowledgebase article.

You have a few options when it comes to certificates:

You can use certificates that were automatically created during ESMC installation.

You can create new Certification Authority (CA) or Import Public Key which you will use to sign the Peer Certificate for each of the components (ESET Management Agent, ESMC Server, ESMC MDM or Virtual Agent Host).

You can use your custom Certification Authority and certificates.

 

note

Note

If you plan to migrate from ESMC Server to a new server machine, you must export/back up all Certification Authorities you are using, as well as ESMC Server Certificate. Otherwise none of the ESMC components will be able to communicate with your new ESMC Server.

You can create a new Certification Authority and Peer Certificates in ESMC Web Console, follow the instructions in this guide to:

Create a new Certification Authority

oImport a Public Key

oExport a Public Key

oExport a Public Key in BASE64 format

Create a new Peer Certificate

oCreate a Certificate

oExport a Certificate

oCreate an APN certificate

oRevoke a certificate

oCertificate usage

oSet new ESMC Server certificate

oCustom certificates with ESET Security Management Center

oExpiring Certificate - reporting and replacement

important

Important

macOS / OS X does not support Certificates with expiry date January 19, 2038 and later. ESET Management Agent running on macOS / OS X will not be able to connect to ESMC Server.

note

Note

For all Certificates and Certification Authorities created during installation of ESMC components, the Valid from value is set to 2 days before certificate creation.

For all Certificates and Certification Authorities created in the ESMC Web Console, the Valid from value is set to 1 day before certificate creation. The reason for this is to cover all possible time discrepancies between affected systems.

For example, a Certification Authority and Certificate, created 2017 Jan 12 during installation will have a pre-defined Valid from value of 2017 Jan 10 00:00:00, and a Certificate Authority and Certificate created 2017 Jan 12 in ESMC Web Console will have a pre-defined Valid from value of 2017 Jan 11 00:00:00.