Connector and remote connection functionality is unavailable after changing or adding the Server IP address

Problem

If the IP address for connecting via the web server has been changed or added on the Server machine, the connectors cannot connect to the Server at the new IP address due to certificate validation errors. Device scanning with application sensors is unavailable when using the Remote connection polling method.

Solution

To use a new Server IP address, you need to replace/reissue the main Server certificate used for securing connections with connectors and application component services.

Main Server certificate replacement is part of the procedure of renewing certificates for connections between Kaspersky Industrial CyberSecurity for Networks nodes. As a result, when the main Server certificate is replaced, the old application sensor certificates are invalidated, which terminates any sensor-Server connections. To resume connections as part of the certificate renewal procedure, you will need to re-add and reconnect all sensors. You will also need to update the certificates used for connecting connectors.

To replace the main Server certificate and ensure that it can be used by connectors and application component services:

1. On the Server computer, go to the /opt/kaspersky/kics4net/sbin/ folder and enter the command to launch the script for local certificate update:

   sudo bash kics4net-update-certs.sh

2. After the script finishes, return all sensors to the initial state using the kics4net-reset-to-defaults.sh script that reverts the node to the initial state. The script is located on the computer with the installed application component in the /opt/kaspersky/kics4net/sbin/ folder.
3. Add and connect sensors again.
4. Update the certificates used for connecting connectors.

   You can update certificates for connecting unmanageable connectors (or connectors configured to ignore the functions of a manageable connector) when creating new communication data packages for connectors. To update the certificates of manageable connectors, you must remove these connectors and then add them again.