Create a new Certificate
As part of the installation process, ESET PROTECT On-Prem requires that you create a Peer certificate for Agents. These certificates are used to authenticate communication between the Agent on client device and ESET PROTECT Server.
To create a new certificate in the ESET PROTECT Web Console, navigate to More > Peer Certificates and click Add.
Basic
Description—Type description for the certificate.
Click Select tags to assign tags.
Product—Select the type of certificate you want to create from the drop-down menu.
Host—Leave the default value (an asterisk) in the Host field to allow for distribution of this certificate with no association to a specific DNS name or IP address.
Passphrase—We recommend that you leave this field blank, but you can set a passphrase for the certificate that will be required when clients attempt to activate.
•The certificate passphrase must not contain the following characters: " \ These characters cause a critical error during Agent initialization. •The password must contain at least 14 characters in three categories: lowercase letters, uppercase letters, digits or special characters. We recommend using a password with no less than 17 characters. |
Attributes (subject)
These fields are not mandatory, but you can use them to include more detailed information about this certificate.
Common name—This value should contain the string "Agent" or "Server", according to the selected Product. If you want, you can type descriptive information about the certificate. Type the Valid from and Value to values to ensure that the certificate is valid.
For all Certificates and Certification Authorities created during installation of ESET PROTECT components, the Valid from value is set to 2 days before certificate creation. For all Certificates and Certification Authorities created in the ESET PROTECT Web Console, the Valid from value is set to 1 day before certificate creation. The reason for this is to cover all possible time discrepancies between affected systems. For example, a Certification Authority and Certificate, created 2017 Jan 12 during installation will have a pre-defined Valid from value of 2017 Jan 10 00:00:00, and a Certificate Authority and Certificate created 2017 Jan 12 in ESET PROTECT Web Console will have a pre-defined Valid from value of 2017 Jan 11 00:00:00. |
Sign
Select from two signing methods:
•Certification Authority—If you would like to sign using the ESET PROTECT Certification Authority (created CA during ESET PROTECT On-Prem installation).
oSelect the ESET PROTECT Certification Authority from the list of certification authorities
oCreate a new Certification Authority
•Custom pfx file—To use a custom .pfx file, click Browse, navigate to your custom .pfx file and click OK. Select Upload to upload this certificate to the Server. You cannot use the custom made certificate.
If you would like to sign a new certificate using the ESET PROTECT On-Prem CA (created during ESET PROTECT On-Prem installation) in ESET PROTECT Virtual Appliance, you need to type a Certification Authority Passphrase. This is the password you specified during ESET PROTECT VA configuration. |
Summary
Review the certificate information you provided and click Finish. The certificate is now successfully created and will be available in the Certificates list to use when installing the Agent. The certificate will be created in your home group.
As an alternative to creating a new certificate, you can Import a Public Key, Export a Public Key or Export a Peer Certificate. |