Expiring Certificate - reporting and replacement
ESET PROTECT is able to notify you about a Certificate or a Certification Authority that is going to expire. There are pre-defined Notifications for both ESET PROTECT Certificate and ESET PROTECT Certification Authority in the Notifications tab.
To activate this feature, click Edit Notification and specify details in the Distribution section, such as email address or SNMP trap. Each user is able to see notifications only for those certificates which are in their home group (given the user has assigned Read permissions for Certificates).
Make sure you have configured SMTP connection settings in More > Settings first. When done, you can edit notification to add Distribution email address. |
The ESET PROTECT Web Console reports a warning if a certificate or Certification Authority is about to expire in less than 90 days. The warning appears in Computers, Status Overview, Peer Certificates and Certification Authorities.
To replace an expiring Certification Authority or Certificate, follow these steps:
1.Create new Certification Authority with a new validity period (if the old one is going to expire), ideally setting it to be valid immediately.
2.Create a new Peer Certificates for ESET PROTECT Server and other components (Agent/MDM) within the validity period of your new Certification Authority.
3.Create policies to set new Peer Certificates. Apply the policies to ESET PROTECT components, MDM and to ESET Management Agent on all client computers in your network.
4.Wait until the new Certification Authority and Peer Certificates are applied and the clients were replicated.
We recommend that you wait 24 hours or check if all of your ESET PROTECT components (Agents) have replicated at least twice. You can enforce Agent replication in Computers by clicking the computer and selecting Send Wake-Up Call. |
5.Replace Server certificate in ESET PROTECT Server Settings so that clients are able to authenticate using their new Peer Certificates.
6.Restart the ESET PROTECT Server service.
7.After you have completed all the steps above, every client is connecting to ESET PROTECT and all is working as expected, revoke old Peer Certificates and delete the old Certification Authority.