[KB7976] Export a certificate or public key from ESET PROTECT On-Prem


Required user permissions

This article assumes that you have the appropriate access rights and permissions to perform the tasks below.

If you use the default Administrator user or are unable to perform the tasks below (the option is unavailable), create a second administrator user with all access rights.

  • Export a Server certificate, an Agent certificate, or a Certificate Authority (CA) public key from the ESET PROTECT Web Console for use during an ESET PROTECT On-Prem component installation


Click to expand

As part of the installation process, ESET PROTECT On-Prem requires a peer Certificate Authority and a peer certificate for Agents. These certificates are used to authenticate products distributed under your license. You can create new certificates for use on additional client computers. For example, a server certificate is required for the distribution of ESET server products.

You may also want to create a new certificate to set specific parameters for a certain group of client computers. For example, a group of computers that will only be in use for six months might use a certificate with a different expiration date than other client computers.

Your Certificate Authority (CA) is used to legitimize certificates distributed from your network. In an enterprise setting, a public key can be used to automatically associate client software with ESET PROTECT On-Prem to allow for remote installation of ESET products.


Default certificates

By default, peer certificates and Certification Authorities created during the installation are contained in the All Static Group.

Verify that a Peer certificate or Certification Authority is present in ESET PROTECT On-Prem.

  1. Open ESET PROTECT On-Prem in your web browser and log in.

  2. Click More Peer Certificates, or select Certification Authorities to export a public key.

    Figure 1-1
  3. Select the appropriate certificate and then click Export or Export as Base64. The type of certificate you export will depend on the component you are installing. Export a Server certificate for use when installing server components. Export an Agent certificate for use when installing the ESET Management Agent. See below for examples of when to use each option:

    Figure 1-2
    • Export - Export your certificate (.pfx file ) or CA (.der file). During product installation, the Setup Wizard will prompt you for this certificate.

    • Export as Base64 - Export your certificate or CA as a .txt file. Open this file in a text editor to access your unique certificate or public key for use when creating a transformation (.mst) file or in other applications where it is necessary to type unique strings from your certificate or CA to submit your credentials.

Convert custom certificates to Base64 format

Base64 is the only format accepted by ESET PROTECT On-Prem components to connect to the ESET PROTECT Server. For more information on how to convert certificates, see Linux man page and macOS X man page.