[KB7850] Create a new certificate for new workstations to automatically join a Dynamic Group in ESET PROTECT

Issue

  • Create and deploy a new certificate for new workstations to automatically join a Dynamic Group based on Certificate serial number

Details

Certificates are used to authenticate products distributed under your license to identify computers on your network, which ensures secure communication between your ESET PROTECT Server and clients and also to establish the secured connection of ESET PROTECT. 

Your Certification Authority (CA) is used to legitimize certificates distributed from your network. In an enterprise setting, a public key can be used to automatically associate client software with the ESET PROTECT Server to allow for remote installation of ESET products.

Create a new certificate or Certification Authority, or create a new certificate set to other specific parameters for a certain group of client computers.

Solution

Examples of Dynamic Group templates and their use

For additional examples of using Dynamic Group templates, see Dynamic Group template - examples in ESET PROTECT Online Help and Related articles below.

To create a new certificate in ESET PROTECT for new workstations to automatically join a Dynamic Group, follow the instructions below:

  1. Open the ESET PROTECT Web Console in your web browser and log in.

  2. Click MorePeer Certificates → New and select Certificate.
Figure 1-1
  1. In the Basic section, enter a Description to identify which computer or Dynamic Groups the certificate will be for. Select Agent in the Product drop-down menu.
Figure 1-2
  1. Click Sign and click <‎Select Certification Authority>. If you are using the ESET PROTECT Virtual Appliance, you also need to provide the Certification Authority Passphrase.
Figure 1-3
  1. Select the check box next to the certification authority that you want to use and then click OK
Figure 1-4
  1. Click Finish. The new certificate with the description you chose in step 3 will be included in the list of Peer Certificates. Click the new certificate and select Edit from the context menu.
Figure 1-5
  1. In the Edit Certificate window, copy the Serial number value (for example, by selecting the text and pressing Ctrl + C on your keyboard). 
Figure 1-6
  1. Click Computers , click the gear icon  and select New Dynamic Group from the context menu. 
Figure 1-7
  1. In the Basic section, type a descriptive name for the Dynamic Group in the Name field.
Figure 1-8
  1. Click Template and click New.
Figure 1-9
  1. In the Basic section, type a descriptive name in the Name field for the template.
Figure 1-10
  1. Click Expression and click Add Rule
Figure 1-11
  1. Expand Peer certificate, select Serial number and then click OK.  
Figure 1-12
  1. Select = (equal) from the Peer certificate . Serial number drop-down menu. In the empty field, paste (Ctrl + V) or type in the serial number you copied in step 7. Click Finish
Figure 1-13
  1. Click Summary to view details about the certificate. Click Finish when you are done making changes. Your new certificate will be displayed in the list of peer certificates (More → Certificates Peer Certificates).

The new Dynamic Group is now ready to filter new workstations based on the certificate serial number. When you create an Agent installer, select the new certificate and it will be added to the new Dynamic Group.