zloyDi (ESET Insiders), posted September 16, 2015

Hello,

From here: hxxp://help.eset.com/era_admin/62/en-US/index.html?admin_cert_peers.htm

NOTE: If you delete the default ERA Certification Authority and create a new one, it will not work. You also need to assign it to your ERA Server machine and restart the ERA Server service.

What does "You also need to assign it to your ERA Server machine" mean? If I understand correctly, this recommendation applies only if you deleted the default ERA Certification Authority, but how do I create it again and assign it to the ERA Server machine without problems?

Thank you for your help.

TomasP (ESET Moderators), posted September 17, 2015

Hello,

In case you create a new CA and delete the old one, the Agents will stop connecting because they have certificates signed by the old CA, which will no longer be present. If you export the CA's public key, you can later import it and the Agents will connect; you will just not be able to create new certificates using this CA - for that you will need to create a new CA.

zloyDi (ESET Insiders), posted September 22, 2015 (edited September 22, 2015 by zloyDi)

Hello,

Thank you for the answer. For example, I have a working ERA 6.2 server with, say, 5 PCs with agents and clients. I want to migrate to another server, and I want to save the certificate and move it to the other server. I exported the CA (ERA Certification Authority) and the node certificate (server). How do I import it into the new ERA? If I install ERA 6 on the new server I must create a new CA, but how do I import the old CA?

TomasP (ESET Moderators), posted September 22, 2015

If you go to Admin > Certificates > Certification Authorities, you can click on Actions > Import Public Key. After importing the CA, the agents will continue to connect (as their certificate was signed by a CA which is now present on the server), provided the server's hostname or IP address configured at the agent will point to the machine where the server is currently installed.

At this point, you can create a new certificate signed by the CA that was created during the new server's installation and then create a policy for all your agents in which you will change their certificate to the new one. This last step is optional - as long as you keep the previous CA imported, the agents will continue to connect. You will just not be able to create new certificates with the imported CA, only using the new CA.
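
The behaviour described in the answers above, reproduced with the `openssl` command line as an added example (not part of the thread and not ESET code). It assumes ERA peer certificates are validated like ordinary X.509 chains; the names `old-ca`, `new-ca` and `agent` and all files are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo. CA names, peer names and files are made up for illustration;
# this models generic X.509 validation and does not call any ERA tooling.
demo_dir=$(mktemp -d)

make_ca() {    # $1 = CA name; writes $1.key (private key) and $1.crt (public part)
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.crt" 2>/dev/null
}

issue_cert() { # $1 = CA name, $2 = peer name; fails without the CA private key
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$demo_dir/$2.key" -out "$demo_dir/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$demo_dir/$2.csr" -days 30 -CAcreateserial \
    -CA "$demo_dir/$1.crt" -CAkey "$demo_dir/$1.key" \
    -out "$demo_dir/$2.crt" 2>/dev/null
}

accepts() {    # $1 = peer name, remaining args = CAs present on the server
  peer=$1; shift
  : > "$demo_dir/store.pem"
  for ca in "$@"; do cat "$demo_dir/$ca.crt" >> "$demo_dir/store.pem"; done
  openssl verify -CAfile "$demo_dir/store.pem" "$demo_dir/$peer.crt" >/dev/null 2>&1
}

report() {     # $1 = label, remaining args = command whose exit status is shown
  label=$1; shift
  if "$@"; then echo "$label: yes"; else echo "$label: no"; fi
}

# Old server: its CA signs the agent's peer certificate.
make_ca old-ca
issue_cert old-ca agent
# Migration: only the old CA's public part is exported; the private key stays behind.
rm "$demo_dir/old-ca.key"
# New server: installation creates a fresh CA.
make_ca new-ca

report "agent accepted with new CA only"    accepts agent new-ca
report "agent accepted after old CA import" accepts agent new-ca old-ca
report "new cert issued by imported old CA" issue_cert old-ca agent2
report "new cert issued by new CA"          issue_cert new-ca agent3
report "new-CA cert accepted"               accepts agent3 new-ca old-ca
```

Validation needs only the CA's public part, which is why the agents keep connecting after the import; signing needs the private key, which is why new certificates have to come from the new CA.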