Applies to Kaspersky Security Center 9.0
An Administration server certificate is used for Administration server authentication when connecting an Administration console or a client computer. It is also used for authentication when attempting to establish a connection between a master and a slave Administration server.
An Administration server certificate is created only once for each Administration server when it is being installed. The open key of a certificate is a klserver.cer file inside the %ALLUSERSPROFILE%\Application Data\KasperskyLab\adminkit\1093\cert folder in Kaspersky Administration server installation folder.
An Administration server certificate is made up of two keys:
- A public key – a klserver.cer file inside the %ALLUSERSPROFILE%\Application Data\KasperskyLab\adminkit\1093\cert (by default) folder in Kaspersky Administration server installation folder.
- A private key – stored inside the Windows Protected Storage.
An Administration server certificate is created only once for each Administration server when it is being installed. If an Administration server certificate is lost, you should reinstall the entire Administration server component and perform a data restore operation.
When an Administration console connects to an Administration server for the first time, it receives and locally saves a copy of that Administration server's certificate. In the future that Administration console requests the certificate from that Administration server for authentication purposes each time it connects to it.
If the requested certificate mismatches the copy saved on the computer hosting the Administration console, a request is displayed prompting to connect to a new Administration server and receive its certificate. If the action is authorized, the Console saves a copy of the new Administration server certificate and uses it to authenticate that new Administration server in the future.