Expiring Certificate - reporting and replacement

ESET PROTECT is able to notify you about a Certificate or a Certification Authority that is going to expire. There are pre-defined Notifications for both ESET PROTECT Certificate and ESET PROTECT Certification Authority in the Notifications tab.

To activate this feature, click Edit Notification and specify details in the Distribution section, such as an email address or SNMP trap. Each user can see notifications only for certificates in their home group (provided the user has been assigned Read permissions for Certificates).


note

Make sure you have configured the SMTP connection settings in More > Settings first. When done, you can edit the notification to add a Distribution email address.

If a computer has a certificate that is about to expire, its status information will automatically change. The status is reported in the Dashboard, Computers, Status Overview and Certificate tab.

To replace an expiring Certification Authority or Certificate, follow these steps:

1. Create a new Certification Authority with a new validity period (if the old one is going to expire), ideally setting it to be valid immediately.

2. Create new Peer Certificates for ESET PROTECT Server and other components (Agent/MDM) within the validity period of your new Certification Authority.

3. Create policies to set new Peer Certificates. Apply the policies to ESET PROTECT components, MDM and to ESET Management Agent on all client computers in your network.

4. Wait until the new Certification Authority and Peer Certificates have been applied and the clients have replicated.


note

We recommend that you wait 24 hours or check if all of your ESET PROTECT components (Agents) have replicated at least twice. You can enforce Agent replication in Computers by clicking the computer and selecting Send Wake-Up Call.

5. Replace the Server certificate in ESET PROTECT Server Settings so that clients are able to authenticate using their new Peer Certificates.

6. Restart the ESET PROTECT Server service.

7. After you have completed all the steps above, and every client is connecting to ESET PROTECT and everything is working as expected, revoke the old Peer Certificates and delete the old Certification Authority.
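
The validity conditions in steps 1 and 2 can be checked from a command line before anything is revoked in step 7. The script below is an added example, not part of ESET PROTECT or its documentation. It assumes the new Certification Authority certificate and a new Peer Certificate are available as PEM files, and that OpenSSL and GNU date are installed; the function names and file arguments are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: validity checks for a CA / peer certificate rollover.
# Assumes PEM files and GNU date; file names passed in are hypothetical.

# Print a certificate date as epoch seconds. $2 is startdate or enddate.
cert_epoch() {
  local raw
  raw=$(openssl x509 -in "$1" -noout "-$2") || return 2
  date -u -d "${raw#*=}" +%s
}

# Step 1: the new CA must already be valid (and not yet expired).
ca_valid_now() {   # args: <ca.pem>
  local now start end
  now=$(date -u +%s)
  start=$(cert_epoch "$1" startdate) && end=$(cert_epoch "$1" enddate) || return 2
  [ "$start" -le "$now" ] && [ "$now" -lt "$end" ]
}

# Step 2: the peer certificate's validity must lie inside the CA's.
peer_within_ca() {   # args: <ca.pem> <peer.pem>
  local ca_s ca_e p_s p_e
  ca_s=$(cert_epoch "$1" startdate) && ca_e=$(cert_epoch "$1" enddate) || return 2
  p_s=$(cert_epoch "$2" startdate) && p_e=$(cert_epoch "$2" enddate) || return 2
  [ "$p_s" -ge "$ca_s" ] && [ "$p_e" -le "$ca_e" ]
}

# The peer certificate must be signed by the new CA, not the old one.
peer_chains_to() {   # args: <ca.pem> <peer.pem>
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True if the certificate expires within $2 days (the "about to expire" case).
expires_within() {   # args: <cert.pem> <days>
  ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Run all checks when called as: script <new-ca.pem> <new-peer.pem>
if [ "$#" -eq 2 ]; then
  ca_valid_now "$1"        || { echo "FAIL: CA is not currently valid"; exit 1; }
  peer_within_ca "$1" "$2" || { echo "FAIL: peer validity outside CA validity"; exit 1; }
  peer_chains_to "$1" "$2" || { echo "FAIL: peer not issued by this CA"; exit 1; }
  expires_within "$2" 30 && echo "WARN: peer certificate expires within 30 days"
  echo "OK: new CA and peer certificate are consistent"
fi
```

Running the same checks against the old Certification Authority shows which Peer Certificates still depend on it and would stop validating once it is deleted.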