Jump to content

Export a Public Key


zloyDi
 Share

Recommended Posts

  • ESET Insiders

Hello,

 

From here

hxxp://help.eset.com/era_admin/62/en-US/index.html?admin_cert_peers.htm

 

NOTE: If you delete the default ERA Certification Authority and create a new one, it will not work. You also need to assign it to your ERA Server machine and restart the ERA Server service.

 

What does it mean "You also need to assign it to your ERA Server machine"?

 

As I understand correctly this recommendation only if you deleted default ERA Certification Authority, but how to create it again and how assign it to your ERA Server machine without problem?

 

Thank you for help.

 

 

Link to comment
Share on other sites

  • ESET Moderators

Hello,

 

In case you create a new CA and delete the old one, the Agents will stop connecting because they have certificates signed by the old CA, which will no longer be present.

If you export the CA's public key, you can later import it and the Agents will connect, you will just not be able to create new certificates using this CA - for that you will need to create a new CA.

Link to comment
Share on other sites

  • ESET Insiders

Hello,

 

Thank you for answer.

 

For example, I have working ERA 6.2 server, for example 5 PC's with agent and clients. I want to migrate to another server and I want to save certificate and move it

to another server. I made export CA (ERA Certification Authority) and export node certificate(server). How to import it to the new ERA?

If I install ERA 6 on the new server I must create new CA, but how to import old CA?

Edited by zloyDi
Link to comment
Share on other sites

  • ESET Moderators

If you go to Admin > Certificates > Certification Authorities, you can click on Actions > Import Public Key.

After importing the CA, the agents will continue to connect (as their certificate was signed by a CA which is now present on the server), provided the server's hostname or IP address configured at the agent will point to the machine where the server is currently installed.

At this point, you can create a new certificate signed by the CA that was created during the new server's installation and then create a policy for all your agents in which you will change their certificate to the new one.

This last step is optional - as long as you keep the previous CA imported, the agents will continue to connect. You will just not be able to create new certificates with the imported CA, only using the new CA.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...