Renew Proxy Cert (Certificate created during server assisted installation)

[HSW 9]

Hi,

i get a message that our proxy cert will be expire in 30 days. I have create a new one. Can someone describe where i must link the cert to be in the right place?

thanks

[Marcos 3,591]

Do you use an ESET or custom certificate? Default ESET certificates are generated for 10 years.

If you need to create a new agent peer certificate, you can do so in the Certificates section of ESMC. When created, convey it to agent on clients via an agent policy.

[HSW 9]

Hi Marcos,

like i write: its the "proxy" cert (Certificate created during server assisted installation). And this cert is only for 5 years. It is only assigned to the eset server but i dont know where and how. (and we use ESET certs)

Edited November 5, 2020 by HSW

[MartinK 332]

You have to create new configuration policy for "ESET Remote Administrator Proxy", where you will enter this certificate. Once done, configuration policy has to be assigned to device where proxy is actually running. Once applied, Proxy will start to use this new certificate, which should be also reported to console.

[HSW 9]

Hi Martin, 

we have no "configuration policy for "ESET Remote Administrator Proxy"" -> we need to create one? Or if we didnt have one i can revoke the cert and all is fine? As i understand -> proxy is only used for Updates from own servers? We didnt have this actual.

[Marcos 3,591]

Do not confuse HTTP proxy with ERA Proxy, those are completely different product. While the former serves to cache update files and installers downloaded from the Internet, the latter serves for connecting ERA 6.x agents in different networks to the ERA/ESMC server. Did you install ERA Proxy or MDM in the past?

Please click the certificate and select "Certificate usage" from the menu. You should see the machine on which it's used. Does the machine still connect to the ESMC server? If not, you could revoke the certificate.

[HSW 9]

The cert is only used for the eset server. I have attached all certs under "peer.." We install MDM in the year 2017 but i think this is the other cert? ("mobile Device Connector"?) We did not used any ERA proxy, the agent cert is also a other one. If i understand correct, the cert was created, when we install ERA the first time (new install and import old V5 Data) in 2015.

Edited November 9, 2020 by HSW

[HSW 9]

Please help.

[Marcos 3,591]

The MDC certificate is for communication between a mobile device and MDC. The proxy certificate is also used for communication between MDC and the ESMC server.

Before you revoke the old proxy certificate, make sure that MDC has received the new proxy certificate via a policy:

[HSW 9]

Ah thanks i did not see, there are 2 cert fields in MDC Policy. I change the cert and now wait if "used by XX" will change to the new cert.

EDIT: Changes are done and in the overview all is fine, i will wait some days bevor i revoke the old one.

THX!

Edited November 10, 2020 by HSW