JimChev3 9 Posted April 18 Posted April 18 While waiting on the fix for Rocky-based on-prem appliance, I am enabling advanced security on my existing CentOS-based on-prem appliance (Server v11.0.199.0, Web Console v11.0.193.0) and I'm almost done. I've created the SHA256 cert authority and used it to sign new server and agent certificates. I've also applied the new SHA256 agent certificate to all of the ESET clients via an agent migration policy, which pointed them to the same server, but using the new agent certificate. So I've finished all steps up to the last one, step 10. At the moment, the old Server certificate shows a 1 under "# of clients using", which I'm sure is the ESET Protect appliance although the Certificate Usage option is grayed out so I can't see for sure. There is also an "Agent certificate for server assisted installation" certificate which shows 1 client using as well, which I can see is the ESET Protect appliance. So, my first question is about the "Agent certificate for server assisted installation". Do I need to do anything about migrating this one? My second question is about the ESET Protect appliance itself. That's the one device listed under Computers that I have NOT applied the agent migration policy to. Should I apply the new agent certificate via the migration policy to the ESET Protect appliance before performing the last step (Step 10) in KB7930, which is where I change to the new certificate under More->Settings->Connection->Change Certificate->Open certificate list, or does the last step handle that? My last question is, once this is completed, should I remove the old certificates, or is it best to just leave them? Will they be left behind when I migrate to the coming Rocky-based appliance?
Recommended Posts