Jump to content

Renew Proxy Cert (Certificate created during server assisted installation)


Go to solution Solved by Marcos,

Recommended Posts

Hi,

i get a message that our proxy cert will be expire in 30 days. I have create a new one. Can someone describe where i must link the cert to be in the right place?

thanks

Link to post
Share on other sites
  • Administrators

Do you use an ESET or custom certificate? Default ESET certificates are generated for 10 years.

If you need to create a new agent peer certificate, you can do so in the Certificates section of ESMC. When created, convey it to agent on clients via an agent policy.

Link to post
Share on other sites

Hi Marcos,

like i write: its the "proxy" cert (Certificate created during server assisted installation). And this cert is only for 5 years. It is only assigned to the eset server but i dont know where and how. (and we use ESET certs)

2020-11-05_16h51_33.png

Edited by HSW
Link to post
Share on other sites
  • ESET Staff

You have to create new configuration policy for "ESET Remote Administrator Proxy", where you will enter this certificate. Once done, configuration policy has to be assigned to device where proxy is actually running. Once applied, Proxy will start to use this new certificate, which should be also reported to console.

Link to post
Share on other sites

Hi Martin, 

we have no "configuration policy for "ESET Remote Administrator Proxy"" -> we need to create one? Or if we didnt have one i can revoke the cert and all is fine? As i understand -> proxy is only used for Updates from own servers? We didnt have this actual.

Link to post
Share on other sites
  • Administrators

Do not confuse HTTP proxy with ERA Proxy, those are completely different product. While the former serves to cache update files and installers downloaded from the Internet, the latter serves for connecting ERA 6.x agents in different networks to the ERA/ESMC server. Did you install ERA Proxy or MDM in the past?

Please click the certificate and select "Certificate usage" from the menu. You should see the machine on which it's used. Does the machine still connect to the ESMC server? If not, you could revoke the certificate.

Link to post
Share on other sites

The cert is only used for the eset server. I have attached all certs under "peer.." We install MDM in the year 2017 but i think this is the other cert? ("mobile Device Connector"?) We did not used any ERA proxy, the agent cert is also a other one. If i understand correct, the cert was created, when we install ERA the first time (new install and import old V5 Data) in 2015.

2020-11-06_13h38_52.png

Edited by HSW
Link to post
Share on other sites
  • Administrators
  • Solution

The MDC certificate is for communication between a mobile device and MDC. The proxy certificate is also used for communication between MDC and the ESMC server.

Before you revoke the old proxy certificate, make sure that MDC has received the new proxy certificate via a policy:

image.png

Link to post
Share on other sites

Ah thanks i did not see, there are 2 cert fields in MDC Policy. I change the cert and now wait if "used by XX" will change to the new cert.

EDIT: Changes are done and in the overview all is fine, i will wait some days bevor i revoke the old one.

THX!

Edited by HSW
Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...