ESET Online Help

Search English
Select the category
Select the topic


Certificates are an important part of ESET PROTECT, they are required for secure communication between ESET PROTECT components and ESET PROTECT Server and also for establishing secured connection of ESET PROTECT Web Console.


To make sure all components can communicate correctly, all Peer Certificates need to be valid and signed by the same Certification Authority.

Read more about certificates in ESET PROTECT in our Knowledgebase article.

You have a few options when it comes to certificates:

You can use certificates that were automatically created during ESET PROTECT installation.

You can create new Certification Authority (CA) or Import Public Key which you will use to sign the Peer Certificate for each of the components (ESET Management Agent, ESET PROTECT Server, ESET PROTECT MDM).

You can use your custom Certification Authority and certificates.



If you plan to migrate from ESET PROTECT Server to a new server machine, you must export/back up all Certification Authorities you are using, as well as ESET PROTECT Server Certificate. Otherwise none of the ESET PROTECT components will be able to communicate with your new ESET PROTECT Server.

You can create a new Certification Authority and Peer Certificates in ESET PROTECT Web Console, follow the instructions in this guide to:

Create a new Certification Authority

oImport a Public Key

oExport a Public Key

oExport a Public Key in BASE64 format

Create a new Peer Certificate

oCreate a Certificate

oExport a Certificate

oCreate an APN/ABM certificate

oRevoke a certificate

oCertificate usage

oSet new ESET PROTECT Server certificate

oCustom certificates with ESET PROTECT

oExpiring Certificate - reporting and replacement


macOS / OS X does not support Certificates with expiry date January 19, 2038 and later. ESET Management Agent running on macOS / OS X will not be able to connect to ESET PROTECT Server.


For all Certificates and Certification Authorities created during installation of ESET PROTECT components, the Valid from value is set to 2 days before certificate creation.

For all Certificates and Certification Authorities created in the ESET PROTECT Web Console, the Valid from value is set to 1 day before certificate creation. The reason for this is to cover all possible time discrepancies between affected systems.

For example, a Certification Authority and Certificate, created 2017 Jan 12 during installation will have a pre-defined Valid from value of 2017 Jan 10 00:00:00, and a Certificate Authority and Certificate created 2017 Jan 12 in ESET PROTECT Web Console will have a pre-defined Valid from value of 2017 Jan 11 00:00:00.