Certificates are contained in the static group labeled All
Peer certificates and Certification Authority created during the installation are by default contained in the static group labeled All.
Scenario 1: The Agent certificate is going to expire
When the Agents are connecting to the ESET PROTECT Server, ensure that the Agent certificate will not expire sooner than its expiration date.
Create a new Certificate Authority and Peer Certificate in ESET PROTECT On-Prem.
Create and apply a new ESET Management Agent policy and distribute the newly created Agent peer certificate.
Do not delete the old certificate until the new certificate is applied to all the Agents.
Scenario 2: The Agent certificate is invalid (expired)
If the Agents cannot connect to the ESET PROTECT Server, redeploy the ESET Management Agent on all the machines that use the expired Agent certificate.
Create a new Certificate Authority and Peer Certificate in ESET PROTECT On-Prem.
Deploy the ESET Management Agent using ESET PROTECT or ESET PROTECT On-Prem.
Scenario 3: The Server certificate is expiring soon
If the Certification Authority is expired too, proceed with Scenario 5 instead of this scenario.
Create a new Server certificate. Select Server from the Product drop-down menu.
Select your new ESET PROTECT Server certificate.
Scenario 4: The Server certificate is invalid (expired)
The Agents cannot connect to the ESET PROTECT Server because the Server certificate is expired. After setting up a new Server certificate, Agents with a valid certificate will be able to connect to the ESET PROTECT Server.
If the Certification Authority is expired too, proceed with Scenario 6 instead of this scenario.
Create a new Server certificate. Select Server from the Product drop-down menu.
Select your new ESET PROTECT Server certificate.
Scenario 5: The Certification Authority is expiring soon
The Agents are connecting to the ESET PROTECT Server, however, after creating a new Certification Authority, all certificates you use must be replaced: Server, Agent and Virtual Agent Host.
Create a new Certification Authority and be sure to use a new Common Name different from the expired Certification Authority.
Create a new Server certificate. Select Server from the Product drop-down menu) and sign it with the newly created Certification Authority.
Create new certificates for other product components as needed (Agent and Virtual Agent Host).
Create and apply a new ESET Management Agent policy and distribute the newly created Agent peer certificate.
Apply other peer certificates using policies.
Wait for replication of the new certificate and Certification Authority to all Agents.
Wait for replication of the new certificate and Certification Authority to all other product components.
Select your new ESET PROTECT Server certificate.
Do not delete the expiring Certification Authority until new certificates are applied to all components.
Scenario 6: The Certification Authority is invalid (expired)
The Agents cannot connect to the ESET PROTECT Server. Create a new Certification Authority. All certificates you use must be replaced: Server, Agent and Virtual Agent Host.
Create a new Certification Authority and be sure to use a new Common Name different from the expired Certification Authority.
Create a new Server certificate. Select Server from the Product drop-down menu) and sign it with the newly created Certification Authority.
Create new certificates for other product components as needed (Agent and Virtual Agent Host).
Deploy the ESET Management Agent using ESET PROTECT or ESET PROTECT On-Prem.
Select your new ESET PROTECT Server certificate.
Troubleshooting logs
When a client computer does not appear to be connecting to your ESET PROTECT Server, we recommend that you perform ESET Management Agent troubleshooting locally on the client machine. See the Online Help topic, Troubleshooting - Agent connection for more information.
