[KB7648] Create a new Certification Authority and Peer Certificate in ESET PROTECT On-Prem

Issue

Required user permissions

This article assumes that you have the appropriate access rights and permissions to perform the tasks below.

If you are unable to perform the tasks below (the option is unavailable), create a second administrator user with all access rights.

  • You have enabled advanced security, your certificates are expiring, or you forgot your Certification Authority passphrase, and need to create a new Certification Authority

Details


Certificates are used to authenticate products distributed under your subscription and identify computers on your network to help ensure secure communication between your ESET PROTECT Server and clients.


Solution

Default certificates

Certification Authority and Peer certificates created during the installation are, by default, contained in the static group All.

  1. Create a new Certification Authority
  2. Create a new Peer Certificate

I. Create a new Certification Authority

  1. Open the ESET PROTECT On-Prem Web Console in your web browser and log in.

  2. Click More > Certification Authorities > Add.

  3. Set the following basic settings for the Certification Authority:

    • Description: Type a description for the Certification Authority.
    • Passphrase & Confirm passphrase: A passphrase is optional. If you set one, it is needed whenever this Certification Authority is used later and cannot be recovered; if you lose it, you must create a new Certification Authority (see Issue above), so record it in a safe place.
    • Attributes: The Common name field is mandatory, and will be used to refer to this Certification Authority in the future.
    • Validity: Set the Certification Authority validity dates using the Valid from and Valid to fields.

    macOS does not support certificates with validity ending after the year 2037

    Do not set a Valid to date in 2037 or later. macOS cannot parse such a validity date from the Certification Authority, rejects the authority, and the Agent on that computer cannot connect to the ESET PROTECT Server.

  4. Click Save to save your new Certification Authority. It will be listed in the Certification Authority list and ready for use.


II. Create a new Peer Certificate

New Certification Authority

After you create a new Certification Authority, you must also create Agent and Server peer certificates that are signed by the new Certification Authority.

  1. Click More > Peer Certificates > Add.

  2. In the Basic section, fill in the mandatory fields for the certificate:

    • Component: Select the type of certificate you want to create from the drop-down menu.
    • Host: Leave the default value (an asterisk) in the Host field to allow for distribution of this certificate with no association to a specific DNS name or IP address.

    You can also fill in these optional fields for the certificate:

    • Passphrase: We recommend that you leave this field blank. If you set one, it will be required when the Agent is installed on client computers.

      Unsupported characters in Agent Certificate

      The certificate passphrase must not contain the following characters: " \

      These characters cause a critical error during the initialization of the Agent.

    • Attributes: You can use these fields to include more detailed information about this certificate.

  3. Click Continue, then click Select certification authority.

  4. Select the desired Certification Authority and click OK, then click Continue.

  5. View details about the certificate and click Finish. Your new peer certificate will be displayed in the list of peer certificates.
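The Web Console accepts some values that later break Agents (a Valid to date in 2037 or later on macOS, a passphrase containing " or \), so it helps to check the values for sections I and II before you click Save. The script below is an added example, not ESET's own code or any part of the product: it encodes the constraints this article states as a pre-flight check on the form values. It assumes dates are entered as ISO strings (YYYY-MM-DD) and that "2037 or later" means the Valid to year must be 2036 or earlier; the sample settings at the bottom are constructed for illustration.

```python
"""Pre-flight check for ESET PROTECT Certification Authority / Peer Certificate
form values (added example, not ESET code).

Checks the constraints the KB article describes before you click Save:
  - Common name is mandatory
  - Valid to must be later than Valid from
  - Valid to in 2037 or later breaks Agents on macOS
  - the passphrase must not contain " or \\ (critical error in Agent init)
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date

# Assumption: "2037 or later is not supported" means the last acceptable year is 2036.
MAX_MACOS_VALID_TO_YEAR = 2036
# Article: these characters cause a critical error during Agent initialization.
FORBIDDEN_PASSPHRASE_CHARS = {'"', "\\"}


@dataclass
class CertificateSettings:
    common_name: str
    valid_from: date
    valid_to: date
    passphrase: str = ""   # optional for both CA and peer certificates
    host: str = "*"        # peer certificates only; "*" = not bound to a DNS name / IP


def parse_settings(common_name: str, valid_from: str, valid_to: str,
                   passphrase: str = "", host: str = "*") -> CertificateSettings:
    """Build settings from the strings typed into the form (dates as YYYY-MM-DD)."""
    return CertificateSettings(common_name, date.fromisoformat(valid_from),
                               date.fromisoformat(valid_to), passphrase, host)


def check_settings(s: CertificateSettings, macos_clients: bool = True) -> list[str]:
    """Return the list of problems found; an empty list means the values are acceptable.

    macos_clients=False skips the 2037 rule for environments with no macOS Agents.
    """
    problems: list[str] = []
    if not s.common_name.strip():
        problems.append("Common name is mandatory")
    if s.valid_to <= s.valid_from:
        problems.append("Valid to must be later than Valid from")
    if macos_clients and s.valid_to.year > MAX_MACOS_VALID_TO_YEAR:
        problems.append(
            f"Valid to {s.valid_to.isoformat()} is 2037 or later; "
            "macOS Agents will reject this certificate and cannot connect")
    bad = sorted(FORBIDDEN_PASSPHRASE_CHARS & set(s.passphrase))
    if bad:
        problems.append("Passphrase contains unsupported character(s): " + " ".join(bad))
    if not s.host.strip():
        problems.append("Host must be '*' or a specific DNS name / IP address")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real installation.
    samples = {
        "good CA": parse_settings("ESET PROTECT CA", "2024-01-01", "2034-01-01"),
        "CA too long for macOS": parse_settings("ESET PROTECT CA", "2024-01-01", "2040-01-01"),
        "Agent cert with bad passphrase": parse_settings(
            "Agent", "2024-01-01", "2030-01-01", passphrase='pa"ss\\word'),
        "missing common name": parse_settings("   ", "2024-01-01", "2030-01-01"),
    }
    for label, settings in samples.items():
        found = check_settings(settings)
        print(f"{label}: {'OK' if not found else '; '.join(found)}")
```

Run it once with your intended values before creating the certificates; if you have no macOS clients, pass `macos_clients=False` to allow a later Valid to date, but remember the macOS restriction if such clients are added later.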