Frequently Asked Question

Required Permissions

Ensure you have the necessary permissions. If you're restricted, create a secondary admin account:

• ESET PROTECT: Create another admin user
• ESET PROTECT Cloud: Create a second admin user
• ESMC: Create an admin user in ESMC 7.x

Steps Involved

1. Install the new server
2. Export the CA from the new server
3. Export the Agent Certificate
4. Import CA to existing server
5. Migrate clients

Pre-Migration Caution

Decrypt all systems using ESET Full Disk Encryption. Re-encrypt after migration.

I. New ESET PROTECT Server Installation

• Use the All-in-One installer or manual methods (Windows, Linux, or Virtual Appliance) for installation.
• Import ESET licenses.

II. Export CA from the New Server

1. Open ESET PROTECT Web Console.
2. Go to More icon ... → Certification Authorities.
3. Export the public key (.der extension).

III. Export Agent Certificate

1. Access Web Console.
2. Navigate to More icon ... → Peer Certificates.
3. Export Agent certificate (.pfx extension).
4. Save .pfx and .der files to an accessible shared location.

IV. Import CA to Existing Server

1. Open Web Console on the existing server.
2. Go to More icon ... → Certification Authorities.
3. Click Actions → Import Public Key.
4. Upload the .der file and type in a description.

V. Migrating Client Computers

⚠️ Warning: Decrypt encrypted clients first.

1. Open the Web Console.
2. Navigate to Policies → Actions → New.
3. Add policy details.
4. Choose ESET Management Agent from Settings → Edit server list.
5. Add the FQDN/IP of the new server.
6. Change to a custom certificate and locate the exported Agent Certificate .pfx file.
7. Assign the policy to a test client.
8. Validate successful migration.
9. Apply the new policy to all other client computers.
10. Resolve any migration issues if necessary.
11. Decommission the old server carefully after verification.