ESET Online Help

Search English
Select the category
Select the topic

Certificates

Certificates are an important part of ESET PROTECT On-Prem, they are required for secure communication between ESET PROTECT components and ESET PROTECT Server and also for establishing secured connection of ESET PROTECT Web Console.


important

To ensure all components can communicate correctly, all Peer Certificates need to be valid and signed by the same Certification Authority.

Read more about certificates in ESET PROTECT On-Prem in our Knowledgebase article.

You have a few options when it comes to certificates:

You can use certificates that were automatically created during ESET PROTECT On-Prem installation.

You can create new Certification Authority (CA) or Import Public Key which you will use to sign the Peer Certificate for each of the components (ESET Management Agent, ESET PROTECT Server, ESET Bridge).

You can use your custom Certification Authority and certificates.


note

If you plan to migrate from ESET PROTECT Server to a new server machine, you must export/back up all Certification Authorities you are using, as well as ESET PROTECT Server Certificate. Otherwise none of the ESET PROTECT components will be able to communicate with your new ESET PROTECT Server.

You can create a new Certification Authority and Peer Certificates in ESET PROTECT Web Console, follow the instructions in this guide to:

Create a new Certification Authority

oImport a Public Key

oExport a Public Key

oExport a Public Key in BASE64 format

Create a new Peer Certificate

oCreate a Certificate

oExport a Certificate

oRevoke a certificate

oCertificate usage

oSet new ESET PROTECT Server certificate

oCustom certificates with ESET PROTECT On-Prem

oExpiring Certificate - reporting and replacement


important

macOS does not support Certificates with expiry date January 19, 2038 and later. ESET Management Agent running on macOS will not be able to connect to ESET PROTECT Server.


note

For all Certificates and Certification Authorities created during installation of ESET PROTECT components, the Valid from value is set to 2 days before certificate creation.

For all Certificates and Certification Authorities created in the ESET PROTECT Web Console, the Valid from value is set to 1 day before certificate creation. The reason for this is to cover all possible time discrepancies between affected systems.

For example, a Certification Authority and Certificate, created 2017 Jan 12 during installation will have a pre-defined Valid from value of 2017 Jan 10 00:00:00, and a Certificate Authority and Certificate created 2017 Jan 12 in ESET PROTECT Web Console will have a pre-defined Valid from value of 2017 Jan 11 00:00:00.