Solution
-
You need to have OpenSSL version 1.1.1 (for Windows) installed. The OpenSSL application enables you to create signed certificates.
-
Generate the
.key
file and certificate for CA. Run the following code in the Command Prompt. You can substitute theprotect-custom-ca.key
andprotect-custom-ca.der
filename with your custom name.
openssl genrsa -out protect-custom-ca.key 2048
openssl req -x509 -new -nodes -key protect-custom-ca.key -sha256 -days 3650 -out protect-custom-ca.der -outform der -subj "/CN=PROTECT Custom CA"
- Create the ESET PROTECT On-Prem certificate extensions file.
echo authorityKeyIdentifier=keyid,issuer >protect.ext
echo basicConstraints=CA:FALSE >>protect.ext
echo keyUsage=digitalSignature,keyEncipherment,dataEncipherment >>protect.ext
echo subjectAltName=DNS:* >>protect.ext
- Generate key and certificate for ESET PROTECT Server and export to
.pfx
file. Replace thepassword
with a proper password.
openssl genrsa -out protect-server.key 2048
openssl req -new -key protect-server.key -subj "/CN=PROTECT Server" | openssl x509 -req -CA protect-custom-ca.der -CAkey protect-custom-ca.key -CAform DER -out protect-server.crt -days 1825 -sha256 -extfile protect.ext
openssl pkcs12 -export -out protect-server.pfx -inkey protect-server.key -in protect-server.crt -passout pass:password
- Generate key and certificate for ESET Management Agent and export to
.pfx
file. Replace thepassword
with a proper password.
openssl genrsa -out protect-agent.key 2048
openssl req -new -key protect-agent.key -subj "/CN=PROTECT Agent" | openssl x509 -req -CA protect-custom-ca.der -CAkey protect-custom-ca.key -CAform DER -out protect-agent.crt -days 1825 -sha256 -extfile protect.ext
openssl pkcs12 -export -out protect-agent.pfx -inkey protect-agent.key -in protect-agent.crt -passout pass:password