Managing certificates for connecting to the KATA server / NDR server

Managing certificates requires the rights of a user with the Administrator (admin) role.

You can manage certificates used to connect to the KATA server / NDR server using commands. You can do the following with certificates:

• Add or replace the server certificate
• Display information about the server certificate
• Remove the server certificate
• Add or replace the client certificate
• Display information about the client certificate
• Remove the client certificate

To add or change a server certificate,

run one of the following commands:

• If you are configuring the integration using the Endpoint Detection and Response (KATA) component:

  kesl-control [-R] --add-kataedr-server-certificate <file path>

• If you are configuring the integration using the Network Detection and Response (KATA) component:

  kesl-control [-R] --add-katandr-server-certificate <file path>

where <file path> is the path to the file containing the server certificate.

To add or change a client certificate:

1. Run one of the following commands:
   • If you are configuring the integration using the Endpoint Detection and Response (KATA) component:

     kesl-control [-R] --add-kataedr-client-certificate <file path>

   • If you are configuring the integration using the Network Detection and Response (KATA) component:

     kesl-control [-R] --add-katandr-client-certificate <file path>

   where <file path> is the path to the cryptocontainer (PFX archive) containing the client certificate and private key.

2. If the cryptocontainer is password-protected, enter the password when prompted.

The client certificate is used for additional protection of the connection with the KATA server / NDR server if client certificate verification is enabled in the KATA server / NDR server settings and in the task settings of the Kaspersky Endpoint Detection and Response (KATA) Integration or Kaspersky Network Detection and Response (KATA) Integration task, UseClientPinnedCertificate is set to yes.

To display information about the server certificate,

run one of the following commands:

• If you are configuring the integration using the Endpoint Detection and Response (KATA) component:

  kesl-control [-R] --query-kataedr-server-certificate

• If you are configuring the integration using the Network Detection and Response (KATA) component:

  kesl-control [-R] --query-katandr-server-certificate

To display information about the client certificate,

run one of the following commands:

• If you are configuring the integration using the Endpoint Detection and Response (KATA) component:

  kesl-control [-R] --query-kataedr-client-certificate

• If you are configuring the integration using the Network Detection and Response (KATA) component:

  kesl-control [-R] --query-katandr-client-certificate

Running the command displays the following certificate information:

• certificate serial number
• certificate subject
• certificate issuer
• certificate start date
• certificate expiration date
• SHA1 and SHA256 certificate fingerprints

To remove a server certificate,

run one of the following commands:

• If you are configuring the integration using the Endpoint Detection and Response (KATA) component:

  kesl-control [-R] --remove-kataedr-server-certificate

• If you are configuring the integration using the Network Detection and Response (KATA) component:

  kesl-control [-R] --remove-katandr-server-certificate

To remove a client certificate,

run one of the following commands:

• If you are configuring the integration using the Endpoint Detection and Response (KATA) component:

  kesl-control [-R] --remove-kataedr-client-certificate

• If you are configuring the integration using the Network Detection and Response (KATA) component:

  kesl-control [-R] --remove-katandr-client-certificate

Page top