Creating a KSC server certificate

Expand all | Collapse all

A Kaspersky Security Center server certificate is required for securely connecting to Kaspersky IoT Secure Gateway 1000 through the Kaspersky Security Center 13.2 Web Console.

For detailed information about the requirements applied to Kaspersky Security Center server certificates, please refer to the section titled Requirements for user certificates in Kaspersky Security Center in the Kaspersky Security Center 13.2 Online Help Guide.

You can issue a new Kaspersky Security Center server certificate in the Kaspersky Security Center 13.2 Web Console.

To issue a new KSC server certificate through the Kaspersky Security Center 13.2 Web Console:

1. In the main window of the Kaspersky Security Center 13.2 Web Console, click the icon next to the name of the relevant Kaspersky Security Center Administration Server.

   The Administration Server properties window opens.

2. Select the Certificates section.
3. In the Administration Server authentication by UEFI protection devices settings block, select Certificate issued through Administration Server.
4. Click the Reissue button.
5. In the opened window, configure the connection address:
   • Use old connection address

     The address of the Administration Server to which Kaspersky IoT Secure Gateway 1000 connects will remain the same.

     This option is selected by default.

   • Change connection address to

     If you need Kaspersky IoT Secure Gateway 1000 to connect to a different address, specify the relevant address in this field.

6. Click OK to save the changes.

The new KSC server certificate will be issued.

To upload a Kaspersky Security Center certificate file in the Kaspersky IoT Secure Gateway 1000 web interface, the Kaspersky Security Center certificate file that was created through the web interface of the Kaspersky Security Center 13.2 Web Console must be saved on the local computer.

To save a Kaspersky Security Center certificate file that was created in the Kaspersky Security Center 13.2 Web Console:

1. In the web interface menu of the Kaspersky Security Center 13.2 Web Console, click the icon next to the name of the relevant Kaspersky Security Center Administration Server.

   The Administration Server properties window opens.

2. Select the Certificates section.
3. In the Administration Server authentication by UEFI protection devices settings group, select Certificate issued through Administration Server.
4. Click the Manage certificate button.
5. In the opened pane on the right, in the Connection address block, click the IP address of Kaspersky IoT Secure Gateway 1000 for which the certificate was issued.

The certificate file will begin to automatically download.

In Kaspersky IoT Secure Gateway 1000, you can download a Kaspersky Security Center certificate file only in CRT, CER, DER or PEM format. If necessary, you can use the OpenSSL tool to change the format of a Kaspersky Security Center certificate file. For example, to change the format of a certificate file from P12 to CRT, run the following command in the console:

openssl pkcs12 -in <certificate name>.p12 -clcerts -nokeys -out <certificate name>.crt

A created Kaspersky Security Center server certificate file needs to be added to Kaspersky IoT Secure Gateway 1000 to configure a connection with Kaspersky Security Center.

Page top