Certificates
Certificates are an important part of ESET PROTECT On-Prem, they are required for secure communication between ESET PROTECT components and ESET PROTECT Server and also for establishing secured connection of ESET PROTECT Web Console.
To ensure all components can communicate correctly, all Peer Certificates need to be valid and signed by the same Certification Authority. |
Read more about certificates in ESET PROTECT On-Prem in our Knowledgebase article.
You have a few options when it comes to certificates:
•You can use certificates that were automatically created during ESET PROTECT On-Prem installation.
•You can create new Certification Authority (CA) or Import Public Key which you will use to sign the Peer Certificate for each of the components (ESET Management Agent, ESET PROTECT Server, ESET PROTECT MDM).
•You can use your custom Certification Authority and certificates.
If you plan to migrate from ESET PROTECT Server to a new server machine, you must export/back up all Certification Authorities you are using, as well as ESET PROTECT Server Certificate. Otherwise none of the ESET PROTECT components will be able to communicate with your new ESET PROTECT Server. |
You can create a new Certification Authority and Peer Certificates in ESET PROTECT Web Console, follow the instructions in this guide to:
•Create a new Certification Authority
oExport a Public Key in BASE64 format
•Create a new Peer Certificate
oCreate an APN/ABM certificate
oSet new ESET PROTECT Server certificate
oCustom certificates with ESET PROTECT On-Prem
oExpiring Certificate - reporting and replacement
macOS does not support Certificates with expiry date January 19, 2038 and later. ESET Management Agent running on macOS will not be able to connect to ESET PROTECT Server. |
For all Certificates and Certification Authorities created during installation of ESET PROTECT components, the Valid from value is set to 2 days before certificate creation. For all Certificates and Certification Authorities created in the ESET PROTECT Web Console, the Valid from value is set to 1 day before certificate creation. The reason for this is to cover all possible time discrepancies between affected systems. For example, a Certification Authority and Certificate, created 2017 Jan 12 during installation will have a pre-defined Valid from value of 2017 Jan 10 00:00:00, and a Certificate Authority and Certificate created 2017 Jan 12 in ESET PROTECT Web Console will have a pre-defined Valid from value of 2017 Jan 11 00:00:00. |