Certificates are an important part of ESET Security Management Center; they are required for ESMC components to communicate with the ESMC Server. To make sure all components can communicate correctly, Peer Certificates need to be valid and signed by the same Certification Authority.

Each ESMC component requires a specific Peer certificate.

During the installation of ESMC Server, the installer automatically generates the following certificates and Certification Authorities:

• Server certificate—allows communication to the ESMC Server.
   
• Agent certificate—allows communication with ESMC Server from ESET Management Agent.
   
• Proxy certificate—allows communication with ESMC Server from Mobile Device Connector (in ERA 6, Era Proxy uses the certificate as well).
   
• Agent certificate for server-assisted installation—if you install ESET Management Agent locally and you select the server-assisted installation, ESMC Server provides this certificate. It allows communication with ESMC Server from ESET Management Agent.
   
• Certification Authority (CA)—provides the signature for all certificates.

You can create additional certificates based on your needs:

• Mobile Device Connector certificate—is automatically created if you used the all-in-one installation of ESET Remote Administrator Server with Mobile Device Connector or the Mobile Device Connector (Standalone) Installation. Click for instructions to create an MDM certificate.
   
• Enterprise Inspector Server certificate—allows communication with ESMC Server from the ESET Enterprise Inspector (EEI) Server.
   
• Enterprise Inspector Console certificate—allows communication with ESMC Server from the ESET Enterprise Inspector (EEI) Console.
   
• Virtual Agent Host certificate—allows communication with ESMC Server from Virtual Agent Host.
   
• APN (Apple Push Notification) / DEP (Device Enrollment Program) certificate—MDC uses these certificates for iOS device enrollment. You must create an Apple-provided push certificate and get it signed by Apple before you can enroll iOS devices in ESMC. Click for instructions to create them.

You can perform the following actions with certificates and Certification Authorities:

• Create new certificates and CAs—for example when a certificate is expiring. You can set up notifications about certificate expiration.
   
• Export certificates and CAs—for backup purposes
   
• Migrate certificates and CAs when migrating to another ESMC Server
   
• Create custom certificates and use custom certificates with ESMC
   
• Revoke certificates—once you revoke the certificate, the corresponding ESMC component stops connecting to ESMC Server.

By default, ESMC uses certificates and CAs with SHA-1 encryption. If you want to use certificates with a more secure encryption method (SHA-256), visit our advanced security in ESMC online help topic.

The scheme below shows the usage of certificates in the ESMC infrastructure:

Figure 1-1