Solution
You need to have OpenSSL version 1.1.1 (for Windows) installed. The OpenSSL application enables you to create signed certificates.
Generate the
.keyfile and certificate for CA. Run the following code in the Command Prompt. You can substitute theprotect-custom-ca.keyandprotect-custom-ca.derfilename with your custom name.
openssl genrsa -out protect-custom-ca.key 2048
openssl req -x509 -new -nodes -key protect-custom-ca.key -sha256 -days 3650 -out protect-custom-ca.der -outform der -subj "/CN=PROTECT Custom CA"- Create the ESET PROTECT On-Prem certificate extensions file.
echo authorityKeyIdentifier=keyid,issuer >protect.ext
echo basicConstraints=CA:FALSE >>protect.ext
echo keyUsage=digitalSignature,keyEncipherment,dataEncipherment >>protect.ext
echo subjectAltName=DNS:* >>protect.ext- Generate key and certificate for ESET PROTECT Server and export to
.pfxfile. Replace thepasswordwith a proper password.
openssl genrsa -out protect-server.key 2048
openssl req -new -key protect-server.key -subj "/CN=PROTECT Server" | openssl x509 -req -CA protect-custom-ca.der -CAkey protect-custom-ca.key -CAform DER -out protect-server.crt -days 1825 -sha256 -extfile protect.ext
openssl pkcs12 -export -out protect-server.pfx -inkey protect-server.key -in protect-server.crt -passout pass:password- Generate key and certificate for ESET Management Agent and export to
.pfxfile. Replace thepasswordwith a proper password.
openssl genrsa -out protect-agent.key 2048
openssl req -new -key protect-agent.key -subj "/CN=PROTECT Agent" | openssl x509 -req -CA protect-custom-ca.der -CAkey protect-custom-ca.key -CAform DER -out protect-agent.crt -days 1825 -sha256 -extfile protect.ext
openssl pkcs12 -export -out protect-agent.pfx -inkey protect-agent.key -in protect-agent.crt -passout pass:password
