You can install the certificate in one of the following ways:

• Use the command to import the certificate to the storage of the local computer:

certutil -importpfx [pfx file] -p [password] 

Example: 

certutil -importpfx -p "" cert.p12

• Import the certificate using the MMC console.

The certificate must be installed to the storage on a local computer. The certificate will remain in the system if you remove the Integration Server.

How to view the parameters of the certificate binding

Before removing the old certificate, you can view the parameters of its binding to Integration Server and save them. The parameters include IP:port, Certificate Hash and Application ID. They can be used to restore initial settings. To view the parameters, run the following command:

netsh http show sslcert

Example of the command execution:

SSL Certificate bindings:
-------------------------
    IP:port                 : 10.20.30.40:8078
    Certificate Hash        : 7b0ef176aa839536686e8484aad0a44058519662
    Application ID          : {e3aa9184-8518-4486-879a-2c41fd88dba3}
    Certificate Store Name  : My
    Verify Client Certificate Revocation    : Enabled
    Verify Revocation Using Cached Client Certificate Only    : Disabled
    Usage Check    : Enabled
    Revocation Freshness Time : 0
    URL Retrieval Timeout   : 0
    Ctl Identifier          : (null)
    Ctl Store Name          : (null)
    DS Mapper Usage    : Disabled
    Negotiate Client Certificate    : Enabled

    IP:port                 : 0.0.0.0:8070
    Certificate Hash        : debd6c3c6180397e2c0f56ff27408a259ec59454
    Application ID          : {5ca18ed0-cbe9-418c-aede-f63f0324113c}
    Certificate Store Name  : My
    Verify Client Certificate Revocation    : Enabled
    Verify Revocation Using Cached Client Certificate Only    : Disabled
    Usage Check    : Enabled
    Revocation Freshness Time : 0
    URL Retrieval Timeout   : 0
    Ctl Identifier          : (null)
    Ctl Store Name          : (null)
    DS Mapper Usage    : Disabled
    Negotiate Client Certificate    : Enabled

How to remove the certificate binding to Integration Server

Run the command:

netsh http delete sslcert ipport=[iport]

Example:

netsh http delete sslcert ipport=0.0.0.0:8070

To bind the new certificate to the Integration Server port, run the following command:

netsh http add sslcert ipport=[ipport] certhash=[certificate hash] appid={c1e1e87f-1818-4ac3-897b-a8e10f790659}

Where the parameters represent:

• certhash — certificate fingerprint
• ipport — IP address and port

To perform binding on all network adapters, use 0.0.0.0 for the IP address parameter. The port number must match the one specified during the installation of the Integration Server.

Example:

netsh http add sslcert ipport=0.0.0.0:8000 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={c1e1e87f-1818-4ac3-897b-a8e10f790659}

The certificate must contain a private key.

To restart the Integration Server:

1. Open the service administration console. To do so, go to Control Panel → Administrative Tools → Services.
2. Select Kaspersky Security for Virtualization Integration Server.
3. Open the shortcut menu and select Restart.

The Integration Server will restart and the new certificate for the Integration Server will be installed.