[KB7850] Create a new certificate for new workstations to automatically join a Dynamic Group in ESET PROTECT On-Prem

Issue

  • Create and deploy a new certificate for new workstations to automatically join a Dynamic Group based on Certificate serial number

Details



Certificates authenticate products distributed under your license and identify computers on your network, which ensures secure communication between your ESET PROTECT On-Prem Server and clients. Certificates also establish the secured connection of ESET PROTECT On-Prem.

Your Certification Authority (CA) is used to legitimize certificates distributed from your network. In an enterprise setting, a public key can be used to automatically associate client software with the ESET PROTECT On-Prem Server to allow for remote installation of ESET products.

Create a new certificate or Certification Authority, or create a new certificate set to other specific parameters for a certain group of client computers.

Solution

Examples of Dynamic Group templates and their use

For additional examples of using Dynamic Group templates, see Dynamic Group template – examples and related articles.

Create a new certificate in ESET PROTECT On-Prem for new workstations to join a Dynamic Group automatically:

  1. Open ESET PROTECT On-Prem in your web browser and log in.

  2. Click More → Peer Certificates → New and select Certificate.

    Figure 1-1
  3. In the Basic section, type in a Description to identify which computer or Dynamic Groups the certificate will be for. Select Agent in the Product drop-down menu.

    Figure 1-2
  4. Click Sign and click <Select Certification Authority>.

    ESET PROTECT On-Prem Virtual Appliance users

    If you are using the ESET PROTECT On-Prem Virtual Appliance, you must also type a passphrase into the Certification Authority passphrase field.

    Figure 1-3
  5. Select the check box next to the certification authority you want to use and click OK.

    Figure 1-4
  6. Click Finish.

  7. The new certificate with the description you chose in step 3 will be included in the list of Peer Certificates. Right-click the new certificate and select Edit from the context menu.

    Figure 1-5
  8. In the Edit Certificate window, copy the Serial number value.

    Figure 1-6
  9. Click Computers, click the gear icon and select New Dynamic Group from the context menu.

    Figure 1-7
  10. Type a descriptive name for the Dynamic Group in the Name field.

    Figure 1-8
  11. Click Template and click New.

    Figure 1-9
  12. Type a descriptive name in the Name field for the template.

    Figure 1-10
  13. Click Expression and click Add Rule.

    Figure 1-11
  14. Expand Peer certificate, select Serial number and click OK.

    Figure 1-12
  15. Select = (equal) from the Peer certificate . Serial number drop-down menu. In the empty field, paste (CTRL + V) or type in the serial number you copied in step 7. Click Finish.

    Figure 1-13
  16. Click Summary to view details about the certificate. Click Finish when you are done making changes. Your new certificate will be displayed in the list of peer certificates (More → Certificates → Peer Certificates).

The new Dynamic Group is ready to filter new workstations based on the certificate serial number. When you create an Agent installer, select the new certificate so that workstations installed with it are added to the new Dynamic Group.