Certification Authority and Peer certificates created during the installation are by default contained in the static group All.
I. Create a new Certification Authority in the ESET PROTECT Web Console
Click More → Certification Authorities → New.
Set the following basic settings for the Certification Authority:
Description: Type a description for the Certification Authority.
Passphrase & Confirm passphrase: You can set a passphrase for your CA according to your preference, but it is not required.
Attributes: The Common name field is mandatory, and will be used to refer to this CA in the future.
CA Validity: Set the CA validity dates using the Valid from and Valid to fields.
macOS does not support certificates with validity ending after the year 2037
Certificates with a Valid To date of 2037 or later are not supported. macOS cannot parse a date variable from the Certification Authority. The Agent cannot connect, because macOS is unable to accept the Certification Authority.
Click Save to save your new CA. It will be listed in the Certification Authority list under Admin → Certificates → Certification Authorities, and ready for use.
II. Create a new Peer Certificate in the ESET PROTECT Web Console
New Certificate Authority (CA)
Users that created a new CA must create an Agent peer certificate and a Server certificate. Each peer certificate must be signed by the new CA.
Open ESET PROTECT Web Console in your web browser and log in.
Click More → Peer Certificates → New → Certificate.
The Basic section displays the following basic settings for the certificate:
Product: Select the type of certificate you want to create from the drop-down menu.
Host: Leave the default value (an asterisk) in the Host field to allow for distribution of this certificate with no association to a specific DNS name or IP address.
Passphrase: We recommend that you leave this field blank, but if desired, you can set a passphrase for the certificate that will be required when clients attempt to activate.
Unsupported characters in Agent Certificate
The certificate passphrase must not contain the following characters: " \ These characters cause a critical error during the initialization of the Agent.
Attributes: These fields are not mandatory, but you can use them to include more detailed information about this certificate.
Click Sign, click Select certification authority, then select the desired CA and click OK.
"Failed to create certificate: Creating and signing peer certificate failed. Check input parameters for invalid or reserved characters, check certification authority pfx/pkcs12 signing certificate and corresponding password"
When you create a new certificate in ESET PROTECT Virtual Appliance, you must type the Certification Authority Passphrase in the field. It is the same password you have specified during ESET PROTECT VA configuration.
Click Summary to view details about the certificate and click Finish. Your new peer certificate will be displayed in the list of peer certificates.