[KB8587] How to import ESET Inspect Server certificate from a file

Issue

  • You want to import the ESET Inspect Server certificate from a file

Solution

  1. Fill in the path to the ESET Inspect Server Certificate (.PFX file) created in the ESET PROTECT Server or click Change to navigate to the file location manually. Fill in the certificate password if needed. 

  2. Fill in the path to Certification Authority or click Change to manually navigate to the file location. Click Next.
    Figure 1-1
  3. Continue implementing the essential certificate for HTTPS/SSL connection between the ESET Inspect Web Console and web browser by choosing an option:
ESET Inspect On-Prem does not support certain certificates
 

By default, certificates created by ESET PROTECT On-Prem use * (an asterisk) as a hostname (wildcard certificate). ESET Inspect On-Prem does not support such certificates. You must use the real ESET Inspect Server hostname.

The certificates must be provided in PKCS #12 format.

PKCS #12 is a file format used for storing many cryptography objects as a single file—like certificates or certification authorities. Usually, files that use PKCS #12 have extension ".pfx" or ".p12".

The host value in a certificate must be more than a bare "*" (one asterisk, nothing more) in the following places:

  • CN (common name)
  • alternative names (from extension Subject Alternative Name from RFC5280)
  • CN in additional certificates (PKCS #12 can hold additional certificates)
  • alternative names in additional certificates

For example:

  • "*" is not allowed.
  • "*.yourcompany.com" is allowed.
  • "yourcompany.*.hq.com" is allowed.
  • Another file format frequently used in cryptography is X509. Files using X509 formats have the extensions ".der" or ".pem".
  • In ESET Inspect On-Prem, certificates are kept in ".pfx" files, and certification authorities are kept in ".der" files.
  • Mandatory parameters for creating a Peer Certificate are:
    • Product: "ESET Inspect Server"
    • Host: Use a real IP Address of the ESET Inspect Server
  • If you want to connect ESET Inspect Connector from another network, add another IP or hostname by separating it with a space, comma or semicolon. For example, HOST 192.168.20.22;10.1.183.88
  • Do not use the semicolon symbol ";" in the filename or folder name in the certificate's path. It is used to separate multiple certificates, if applicable.
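
The wildcard and path rules above can be checked before the .pfx file is given to the installer. The script below is an added example, not ESET code: it assumes Python with the third-party `cryptography` package, and its function names are hypothetical. It reads the CN and Subject Alternative Name DNS entries of the main certificate and of every additional certificate in the PKCS #12 file, and reports any host value that is a bare "*".

```python
import getpass
import sys


def bare_wildcards(names_by_cert):
    """Return (certificate, field) pairs whose host value is exactly "*"."""
    return [(label, field)
            for label, fields in names_by_cert.items()
            for field, values in fields.items()
            if any(v.strip() == "*" for v in values)]


def path_is_safe(path):
    """A ';' in the path would be read as a separator between certificates."""
    return ";" not in path


def names_in_pfx(pfx_path, password=None):
    """Collect CN and SAN DNS names from the main and additional certificates."""
    # Assumption: third-party 'cryptography' package; imported lazily.
    from cryptography import x509
    from cryptography.hazmat.primitives.serialization import pkcs12
    from cryptography.x509.oid import NameOID
    with open(pfx_path, "rb") as fh:
        _key, cert, extra = pkcs12.load_key_and_certificates(
            fh.read(), password.encode() if password else None)
    result = {}
    for i, c in enumerate(([cert] if cert else []) + list(extra)):
        label = "main" if c is cert else f"cert[{i}]"
        cns = [a.value for a in c.subject.get_attributes_for_oid(NameOID.COMMON_NAME)]
        try:
            ext = c.extensions.get_extension_for_class(x509.SubjectAlternativeName)
            sans = ext.value.get_values_for_type(x509.DNSName)
        except x509.ExtensionNotFound:
            sans = []  # certificate has no Subject Alternative Name extension
        result[label] = {"CN": cns, "SAN": sans}
    return result


if __name__ == "__main__":
    path = sys.argv[1]
    if not path_is_safe(path):
        sys.exit("certificate path contains ';'")
    pw = getpass.getpass("PFX password (empty if none): ")
    bad = bare_wildcards(names_in_pfx(path, pw))
    for label, field in bad:
        print(f"{label}: {field} is a bare '*'; use the real server hostname")
    sys.exit(1 if bad else 0)
```

Run it with the .pfx path as the only argument; a non-zero exit status means at least one certificate in the file still carries the default wildcard host.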