[KB6793] Create a new certificate for new workstations to automatically join a Dynamic Group in ESET Security Management Center (7.x)

Issue

ESET business product in Limited Support status

This article applies to an ESET product version that is currently in Limited Support status and is scheduled to reach End of Life status soon.

For a complete list of supported products and support level definitions, review the ESET End of Life Policy for business products.

Upgrade ESET business products.

  • Create and deploy a new certificate for new workstations to automatically join a Dynamic Group based on Certificate serial number

To create a new certificate or Certification Authority, or to create a new certificate set to other specific parameters for a certain group of client computers, see the following Knowledgebase article: 

Details

Certificates are used to authenticate products distributed under your license to identify computers on your network, which ensures a secure communication between your ESMC Server and clients, and also to establish secured connection of ESMC Web Console. 

Your Certification Authority (CA) is used to legitimize certificates distributed from your network. In an enterprise setting, a public key can be used to automatically associate client software with the ESMC Server to allow for remote installation of ESET products.

Solution

Examples of Dynamic Group templates and their use

For aditional examples of using Dynamic Group templates, see Dynamic Group template - examples in ESMC Online Help and Related articles below.

To create a new certificate in ESET Security Management Center for new workstations to automatically join a Dynamic Group, follow the instructions below:

  1. Open ESET Security Management Center Web Console (ESMC Web Console) in your web browser and log in. How do I open ESMC Web Console?

  2. Click MorePeer Certificates → New → Certificate.
     
  3. In the Basic section, complete the following attributes:
    1. Description: Type in a descriptive name to identify which computer or which Dynamic Groups this certificate will be for.
    2. Product: Select Agent from the drop-down menu (Agent is selected by default).

Figure 1-1
Click the image to view larger in new window

 

  1. Click the Sign section and click<‎Select Certification Authority>. If you are using the ESMC Virtual Appliance, you also need to provide the Certification Authority Passphrase.

Figure 1-2
Click the image to view larger in new window

 

  1. Select the certification authority that you want to use and then click OK

Figure 1-3
Click the image to view larger in new window

 

  1. Click Finish. The new certificate with the description you chose in step 3 will be included in the list of Peer Certificates. Click the new certificate and select Edit from the context menu.

Figure 1-4
Click the image to view larger in new window

 

  1. In the Edit Certificate window, copy the Serial number value (for example, by selecting the text and pressing Ctrl + C on your keyboard). 

Figure 1-5
Click the image to view larger in new window

 

  1. Click Computers , click the gear icon  and select New Dynamic Group from the context menu. 

Figure 1-6
Click the image to view larger in new window

  1. In the Basic section, type a descriptive name for the Dynamic Group in the Name field.

Figure 1-7
Click the image to view larger in new window

 

  1. Click the Template section and click New.

Figure 1-8
Click the image to view larger in new window

 

  1. In the Basic section, type a descriptive name in the Name field for the template.

Figure 1-9
Click the image to view larger in new window

 

  1. Click Expression and click Add Rule

Figure 1-10
Click the image to view larger in new window

 

  1. Expand Peer certificate, click Serial number to select it and then click OK.  

Figure 1-11
Click the image to view larger in new window

 

  1. From the drop down menu, select = (equal). In the empty field, paste (Ctrl + V) or type in the serial number you copied in step 7. Click Finish

Figure 1-12
Click the image to view larger in new window

 

  1. Click the Summary section to view details about the certificate. Click Finish when you are done making changes. Your new certificate will be displayed in the list of peer certificates (More → Certificates Peer Certificates).

The new Dynamic Group is now ready to filter new workstations based on the certificate serial number. When you create an Agent installer, select the new certificate and it will be added to the new Dynamic Group.