Issue

• Create and deploy a new certificate for new workstations to automatically join a Dynamic Group based on Certificate serial number

To create a new certificate or Certification Authority, or to create a new certificate set to other specific parameters for a certain group of client computers, see the following Knowledgebase article: 

• Create a new certificate or certification authority in ESET Security Management Center (7.x)

Details

Solution

To create a new certificate in ESET Security Management Center for new workstations to automatically join a Dynamic Group, follow the instructions below:

1. Open ESET Security Management Center Web Console (ESMC Web Console) in your web browser and log in. How do I open ESMC Web Console?

2. Click More → Peer Certificates → New → Certificate.
    
3. In the Basic section, complete the following attributes:
   1. Description: Type in a descriptive name to identify which computer or which Dynamic Groups this certificate will be for.
   2. Product: Select Agent from the drop-down menu (Agent is selected by default).

Figure 1-1
Click the image to view larger in new window
 

1. Click the Sign section and click <Select Certification Authority>. If you are using the ESMC Virtual Appliance, you also need to provide the Certification Authority Passphrase.

Figure 1-2
Click the image to view larger in new window
 

1. Select the certification authority that you want to use and then click OK. 

Figure 1-3
Click the image to view larger in new window
 

1. Click Finish. The new certificate with the description you chose in step 3 will be included in the list of Peer Certificates. Click the new certificate and select Edit from the context menu.

Figure 1-4
Click the image to view larger in new window
 

1. In the Edit Certificate window, copy the Serial number value (for example, by selecting the text and pressing Ctrl + C on your keyboard). 

Figure 1-5
Click the image to view larger in new window
 

1. Click Computers , click the gear icon  and select New Dynamic Group from the context menu. 

Figure 1-6
Click the image to view larger in new window

1. In the Basic section, type a descriptive name for the Dynamic Group in the Name field.

Figure 1-7
Click the image to view larger in new window
 

1. Click the Template section and click New.

Figure 1-8
Click the image to view larger in new window
 

1. In the Basic section, type a descriptive name in the Name field for the template.

Figure 1-9
Click the image to view larger in new window
 

1. Click Expression and click Add Rule. 

Figure 1-10
Click the image to view larger in new window
 

1. Expand Peer certificate, click Serial number to select it and then click OK.  

Figure 1-11
Click the image to view larger in new window
 

1. From the drop down menu, select = (equal). In the empty field, paste (Ctrl + V) or type in the serial number you copied in step 7. Click Finish. 

Figure 1-12
Click the image to view larger in new window
 

1. Click the Summary section to view details about the certificate. Click Finish when you are done making changes. Your new certificate will be displayed in the list of peer certificates (More → Certificates → Peer Certificates).

The new Dynamic Group is now ready to filter new workstations based on the certificate serial number. When you create an Agent installer, select the new certificate and it will be added to the new Dynamic Group.

KB Solution ID: KB6793 |Document ID: 25640|Last Revised: August 16, 2018