Jump to content

Change certificate after server crash


Arekn
 Share

Recommended Posts

Our server with ESET PROTECT has crashed and we weren't able to recover it. Unfortunately we didn't have certificates backed up. We have setup a new server but obviously agents aren't connecting. Is there a way to change certificates on all agents without walking up to each computer individually and going through the installer steps? Is it in a file somewhere that we could change with Powershell?

Link to comment
Share on other sites

8 minutes ago, Marcos said:

You'll need to generate a new live Agent installer and re-deploy it on clients.

Generating an Agent Live installer generates a .bat file. What should we do with it? Can we not just deploy an .msi through GPO instead?

Link to comment
Share on other sites

  • ESET Staff

In order to recover connectivity of already installed clients, it would require you to restore ESET PROTECT certificate and respective CA certificate - where both of them are store in PROTECT's database - so it depends on what means "crashed" .

Alternative, but more complicated solution is to re-deploy or use installation repair of AGENTs with new parameters, i.e. reinstall or modify existing AGENTs with newly created certificates. For this purpose, any deployment method can be used, so also GPO "script", etc.

Link to comment
Share on other sites

20 minutes ago, MartinK said:

In order to recover connectivity of already installed clients, it would require you to restore ESET PROTECT certificate and respective CA certificate - where both of them are store in PROTECT's database - so it depends on what means "crashed" .

RAID where our instance of ESET PROTECT was is unrecoverable.

Anyway, it seems I have found a .bat file that I exported from the server before it crashed. Does it contain the certificates? Is it possible to restore the connection without reinstalling the agents if I have this file?

Link to comment
Share on other sites

  • ESET Staff
On 11/15/2021 at 3:05 PM, Arekn said:

RAID where our instance of ESET PROTECT was is unrecoverable.

Anyway, it seems I have found a .bat file that I exported from the server before it crashed. Does it contain the certificates? Is it possible to restore the connection without reinstalling the agents if I have this file?

Unfortunately that is not enough as installers do contain only CA certificate and certificate for AGENTs, but for restoring connectivity, it is crucial to get certificate for ESET PROTECT Server, which is much more "sensitive" and it is normally stored only in it's database, especially public part that is required in this case - in other words, this certificate can be recovered only from database or manual export. This is due to security reasons, as leak of such certificate would enable possible "attacker" to get hold of the managed devices...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...