As part of the installation process, ERA requires a peer certificate authority and a peer certificate for Agents. These certificates are used to authenticate products distributed under your license. You can create new certificates for use on additional client computers. For example, a server certificate is required for the distribution of ESET server products. In some cases, you might also want to create a new certificate to set specific parameters for a certain group of client computers, for example, a group of computers that will only be in use for six months might use a certificate with a different expiration date than other client computers.
Your Certificate Authority (CA) is used to legitimize certificates distributed from your network. In an enterprise setting, a public key can be used to automatically associate client software with the ESET Remote Administrator Server to allow for remote installation of ESET products.
End of support for version 6.4 and 6.5 of ESET Remote Administrator / MDM
ESET Remote Administrator version 6.5 is currently in Limited Support status and will soon be in Basic Support status. It is expected to reach End of Life status in December 2020.
ESET Remote Administrator version 6.4 is currently in basic support status and is expected to reach End of Life status in December 2019.
The MDM functionality in ESET Remote Administrator version 6 is in Basic Support status as of April 11, 2019. After this date, MDM version 6 will no longer be available for download.
Prerequisite
A Peer certificate or Certification Authority must be present in ERA Web Console.
Export a certificate or public key
View permissions needed for least privilege user access
ERA 6.5 User Permissions
This article assumes that your ERA user has the correct access rights and permissions to perform the tasks below.
If you are still using the default Administrator user, or you are unable to perform the tasks below (the option is grayed out), see the following article to create a second administrator user with all access rights (you only need to do this once):
A user must have the following permissions for the group that contains the modified object:
Functionality |
Read |
Use |
Write |
Certificates |
✓ |
✓ |
|
Once these permissions are in place, follow the steps below.
Default certificates
Peer certificates and Certification Authority that are created during the installation are by default contained in the Static Group All.
-
Open ESET Remote Administrator Web Console (ERA Web Console) in your web browser and log in.
-
Click Admin
→ Certificates → Peer Certificates (or select Certification Authorities to export a public key).
-
Select the appropriate certificate. The type of certificate you export will depend on the component you are installing. Export a Server certificate for use when installing server components like ESET Remote Administrator Proxy. Export an Agent certificate for use when installing the ESET Remote Administrator Agent (ERA Agent). See below for examples of when to use each option:
-
Export - Export your certificate (
.pfx
file ) or CA (.der
file). During product installation, the setup wizard will prompt you for this certificate.
-
Export as Base64 - Export your certificate or CA as a
.txt
file. Open this file in a text editor to access your unique certificate or public key for use when creating a transformation (.mst
) file or in other applications where it is necessary to enter unique strings from your certificate or CA to submit your credentials.

Figure 1-1
Click the image to view larger in new window
Convert custom certificates to Base64 format
Base64 is the only format accepted by ERA components to connect to the ERA Server. For more information on how to convert certificates, see Linux man page and Mac OS X man page.