Managing certificates for connecting to OSMP servers

Managing certificates requires the rights of a user with the Administrator (admin) role.

You can use commands to manage the certificates used to connect to OSMP servers. The following operations are available:

Managing certificates for the connection to the OSMP threat response server

To add or replace the threat response action server certificate, run the following command:

kesl-control [-R] --add-kataedr-server-certificate <file> --server-type response

<file> is the path to the file containing the server certificate.

To add or replace the client certificate for the threat response server connection:

  1. Run the following command:

    kesl-control [-R] --add-kataedr-client-certificate <file> --server-type response

    where <file> is the path to the cryptocontainer (PFX archive) containing the client certificate and private key.

  2. If the cryptocontainer is password-protected, enter the password when prompted.

The client certificate provides additional protection for the connection to the OSMP server when both of the following conditions are met: client certificate verification is enabled in the OSMP server settings, and in the Kaspersky Endpoint Detection and Response Expert (on-premise) Integration task settings the UseClientPinnedCertificate setting in the [KATAEDR] section has the value yes.

To display information about the threat response action server certificate, run the following command:

kesl-control [-R] --query-kataedr-server-certificate --server-type response

To display information about the client certificate used to secure the connection to the threat response action server, run the following command:

kesl-control [-R] --query-kataedr-client-certificate --server-type response

Running the command displays the following certificate information:

To delete the threat response action server certificate, run the following command:

kesl-control [-R] --remove-kataedr-server-certificate --server-type response

To delete the client certificate used to secure the connection to the threat response action server, run the following command:

kesl-control [-R] --remove-kataedr-client-certificate --server-type response

Managing certificates for connecting to the OSMP telemetry server

To add or replace the certificate of the telemetry server, run the following command:

kesl-control [-R] --add-kataedr-server-certificate <file> --server-type telemetry

<file> is the path to the file containing the server certificate.

To add or replace the client certificate for the telemetry server connection:

  1. Run the following command:

    kesl-control [-R] --add-kataedr-client-certificate <file> --server-type telemetry

    where <file> is the path to the cryptocontainer (PFX archive) containing the client certificate and private key.

  2. If the cryptocontainer is password-protected, enter the password when prompted.

The client certificate provides additional protection for the connection to the OSMP server when both of the following conditions are met: client certificate verification is enabled in the OSMP server settings, and in the Kaspersky Endpoint Detection and Response Expert (on-premise) Integration task settings the UseClientPinnedCertificate setting in the [TelemetrySettings] section has the value yes.
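
The client certificate import described above for both the threat response and the telemetry server, wrapped in a pre-flight check. This is an added example, not part of the product documentation: it refuses a PFX container that is a symlink or is accessible to group or other users, runs the import, then queries the installed certificate. The function names and the KESL_CONTROL override variable are assumptions, and the optional [-R] prefix is omitted.

```shell
#!/bin/sh
# Added example, not vendor code. Assumptions: kesl-control is on PATH
# (set KESL_CONTROL to override, e.g. for a dry run); [-R] is left out.
KESL_CONTROL=${KESL_CONTROL:-kesl-control}

# True only for a regular, non-symlink file with no group/other permission
# bits: the PFX container carries the client private key.
pfx_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # Characters 5-10 of the mode string are the group and other bits.
    pfx_perms=$(ls -ld -- "$1" | head -n 1 | cut -c5-10)
    [ "$pfx_perms" = "------" ]
}

# import_client_cert <pfx> <response|telemetry>
# Returns 2 for an unknown server type, 3 for an exposed container,
# otherwise the exit status of kesl-control.
import_client_cert() {
    case $2 in
        response|telemetry) ;;
        *) echo "server type must be response or telemetry" >&2; return 2 ;;
    esac
    if ! pfx_is_private "$1"; then
        echo "refusing $1: must be a regular file with owner-only access" >&2
        return 3
    fi
    # kesl-control prompts for the password if the container is protected.
    "$KESL_CONTROL" --add-kataedr-client-certificate "$1" \
        --server-type "$2" || return
    # Show what is now installed for this connection.
    "$KESL_CONTROL" --query-kataedr-client-certificate --server-type "$2"
}

# Usage (constructed path): import_client_cert /root/osmp-client.pfx telemetry
```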

To display information about the telemetry server certificate, run the following command:

kesl-control [-R] --query-kataedr-server-certificate --server-type telemetry

To display information about the client certificate used to secure the connection to the telemetry server, run the following command:

kesl-control [-R] --query-kataedr-client-certificate --server-type telemetry

Running the command displays the following certificate information:

To delete the telemetry server certificate, run the following command:

kesl-control [-R] --remove-kataedr-server-certificate --server-type telemetry

To delete the client certificate used to secure the connection to the telemetry server, run the following command:

kesl-control [-R] --remove-kataedr-client-certificate --server-type telemetry
