[KB6490] Certificate migration in ESET Remote Administrator (6.x)

Issue

ESET business product no longer supported

This article applies to an ESET product version that is currently in End of Life status and is no longer supported. The content in this article is no longer updated. 

For a complete list of supported products and support level definitions, review the ESET End of Life policy for business products.

Upgrade ESET business products.

  • ESET Remote Administrator (ERA) 6.x Certificate Migration to a secondary server

Solution

ERA 6.5 User Permissions

This article assumes that your ERA user has the correct access rights and permissions to perform the tasks below.

If you are still using the default Administrator user, or you are unable to perform the tasks below (the option is grayed out), see the following article to create a second administrator user with all access rights (you only need to do this once):

  1. Export the Certificate Authority from the existing ERA Server
  2. Export the Peer Server Certificate from the existing ERA Server
  3. Import the Certificate Authority (CA) .der file to the secondary ERA Server
  4. Import the Peer Server Certificate .pfx file to the secondary ERA Server

I. Export the Certificate Authority from the existing ERA Server, Server One in this example

  1. Open ESET Remote Administrator Web Console (ERA Web Console) in your web browser and log in.

  2. Click Admin  → Certificates and select Certification Authorities.

  3. Click ERA Certification authority and select Export Public Key.

  4. The file is saved with a .der extension.

Figure 1-1
Click the image to view larger in new window
 


II. Export the Peer Server Certificate from the existing ERA Server, Server One in this example

  1. Click Admin  → Certificates.

  2. Click Server certificate and select Export.

    Create a new Server Certificate if the hostname is not an asterisk

    If the Hostname in the existing Server Certificate is not '*' (an asterisk), generate a new ESMC Server certificate (with connection information for the new ESMC Server). Leave the default value (an asterisk) in the Host field to allow for distribution of this certificate with no association to a specific DNS name or IP address.

  3. The file is saved with a .pfx extension.

Figure 2-1
Click the image to view larger in new window

  1. Save the .pfx and .der files to a shared location that is accessible from Server Two.

III. Import the Certificate Authority (CA) .der file to the secondary ERA Server, Server Two in this example

  1. Open ESET Remote Administrator Web Console (ERA Web Console) in your web browser and log in.

  2. Click Admin  → Certificates Certification Authorities.
     
  3. Click Actions and select Import Public Key

Figure 3-1
Click the image to view larger in new window

  1. Click Choose File. Navigate to the shared location where you saved the Certificate Authority (CA) .der file. Select the file and click Open.

Figure 3-2
Click the image to view larger in new window

  1. Type in a Description and click Import.

Figure 3-3
Click the image to view larger in new window

  1. After the Certificate has been successfully imported, click Close. The Certification Authority from Server One is now in the Certification Authorities list on Server Two.

Figure 3-4
Click the image to view larger in new window


IV. Import the Peer Server Certificate .pfx file to the secondary ERA Server, Server Two in this example

  1. Click Admin  → Server Settings → Change certificate.

Figure 4-1
Click the image to view larger in new window

  1. Select Custom certificate in the Certificate window and click the choose file icon. 

  2. Navigate to the shared location where you saved the Peer Server Certificate .pfx file from Server One. Select the file and click Open.

Figure 4-2
Click the image to view larger in new window

  1. Click OK → Save.

Figure 4-3
Click the image to view larger in new window

To complete the certificate change, restart the ERA Server service. To restart the service:

  1. Press the Windows key + R, type services.msc in the Open field and click OK.

  2. Right-click ESET Remote Administrator (ERA) Server and select Restart.

With your certificates successfully migrated to the new server, you are ready to migrate Client Computers from Server One to Server Two.