Updating certificates

To connect securely to the Kaspersky IoT Secure Gateway 1000 web interface through a browser, you need an administrator certificate, a user certificate, and the root certificate that was used to sign the administrator certificate and user certificate.

You have to update certificates in the following cases:

If an administrator certificate or user certificate is about to expire, the appropriate notification is displayed, the icon appears in the menu on the left side of the screen next to the Users section, and the corresponding event is recorded in the operating system audit log. The user also receives a notification about the certificate expiration. After the certificate expires, the following happens:

When updating the certificate, you may have to restart the browser to clear the cache of the current Kaspersky IoT Secure Gateway 1000 connection session.

Loading widely known Certification Authority certificates is not recommended, as all servers that use certificates signed by these Certification Authority certificates will be trusted. This situation can lead to Kaspersky IoT Secure Gateway 1000 being compromised.

Using USB tokens

You can use USB tokens with a certificate key 4096 bits or 8192 bits of length to connect to the Kaspersky IoT Secure Gateway 1000 web interface.

To use a USB token:

  1. Connect a USB token to the computer that is used for connecting to the Kaspersky IoT Secure Gateway 1000 web interface.
  2. Install the software supplied for supporting the USB token operation.
  3. Export the token certificate using this software.
  4. Upload the exported certificate to Kaspersky IoT Secure Gateway 1000 as an administrator or user certificate, as described below.

Updating a root certificate

Before updating the root certificate, upload to the browser the .p12 archive containing the administrator certificate signed with the new root certificate. You can find the instructions on how to upload the certificate in the browser documentation.

Updating the root certificate is not possible in Mozilla Firefox browser starting from version 124. For more details on supported browsers, refer to the "Hardware and software requirements" section.

To update the root certificate information, do as follows:

  1. If the new root certificate is stored on a USB drive or token, connect it to the computer on which you are connected to the Kaspersky IoT Secure Gateway 1000 web interface.
  2. In the menu in the left part of the web interface page, select UsersUser settings.
  3. In the Root certificate subsection, click Update certificate.
  4. In the certificate update window, click Select certificate, and in the window that opens, select a valid root certificate file.

    Only files in the CRT, CER, DER, or PEM format can be added as a certificate. The certificate hash is uploaded to Kaspersky IoT Secure Gateway 1000.

  5. Wait for a successful download and click Save.

Information about the uploaded root certificate and its validity period is displayed in the Root certificate subsection. After that, update the administrator certificate and user certificate that are signed with the new root certificate.

After updating the root certificate, the administrator certificate must be renewed before disconnecting from the Kaspersky IoT Secure Gateway 1000 web interface.

Updating an administrator certificate

To update the administrator certificate:

  1. If the new administrator certificate is stored on a USB drive or token, connect it to the computer on which you are connected to the Kaspersky IoT Secure Gateway 1000 web interface.
  2. In the menu in the left part of the web interface page, select UsersUser settings.
  3. If the new administrator certificate is signed with a different root certificate, follow the preceding instructions to upload the required root certificate.

    In this case, update also the user certificate, so that the user can connect to the Kaspersky IoT Secure Gateway 1000 web interface.

  4. In the Administrator section, click the Update certificate button.
  5. In the certificate update window, click Select certificate, and in the window that opens, select a valid administrator certificate file.

    Only files in the CRT, CER, DER, or PEM format can be added as a certificate. The certificate hash is uploaded to Kaspersky IoT Secure Gateway 1000.

  6. Wait for a successful download and click Save.

The information about the administrator certificate is updated, and the information about the previously uploaded certificate is deleted. The connection session is terminated, reconnect to the Kaspersky IoT Secure Gateway 1000 web interface.

After updating the administrator certificate, if you also have updated the root certificate, remove the administrator certificate signed with the old root certificate from the browser. You can find the instructions on how to remove the certificate in the browser documentation.

Updating a user certificate

To update the user certificate:

  1. If the new user certificate is stored on a USB drive or token, connect it to the computer on which you are connected to the Kaspersky IoT Secure Gateway 1000 web interface.
  2. In the menu in the left part of the web interface page, select UsersUser settings.
  3. If the new user certificate is signed with a different root certificate, follow the preceding instructions to upload the required root certificate.
  4. In the User section, click the Update certificate button.
  5. In the certificate update window, click Select certificate, and in the window that opens, select a valid user certificate file.

    Only files in the CRT, CER, DER, or PEM format can be added as a certificate. The certificate hash is uploaded to Kaspersky IoT Secure Gateway 1000.

  6. Wait for a successful download and click Save.

The information about the user certificate is updated, and the information about the previously uploaded certificate is deleted. The user can use the updated certificate to connect to the Kaspersky IoT Secure Gateway 1000 web interface.

Page top