[KB8051] Migrate to a new certificate chain in ESET PROTECT On-Prem

Issue

• You enabled advanced security and need to migrate to a new certificate chain
• Your current certificates are expired and you need to migrate to a new certificate chain
• You do not remember your current Certificate Authority (CA) passphrase and need to migrate to a new certificate chain

Solution

I. Create new CA and certificates

1. Create a new CA, agent peer certificate and then create a new server peer certificate.

II. Migrate clients to a new Agent certificate

1. Open ESET PROTECT On-Prem in your web browser and log in.
   
   
   
2. Click Policies. Click Actions → New. 
   
   

   

3. In the Basic section, type a Name.
   
   

   

4. Click Settings, select ESET Management Agent from the drop-down menu and click Change certificate.
   
   

   

5. Click Open certificate list.
   
   

   

6. Select the check box next to the agent certificate created in section I. Click OK.
   
   

   

7. Click OK.
   
   

   

8. Click Assign → Assign.
   
   

   

9. Select the check box next to the groups or computers the new policy will apply to. Click OK.
   
   

   

10. Click Finish.
    
    

    

III. Set new ESET PROTECT Server certificate

1. Open ESET PROTECT On-Prem in your web browser and log in.
   
   
   
2. Click More → Server Settings → Change certificate.
   
   

   

3. Click Open certificate list.
   
   

   

4. Select the check box next to the server certificate created in section I. Click OK.
   
   

   

5. Click Save.
   
   

   

6. Restart the ESET PROTECT Server service.