Configuring certificate monitoring

You can configure monitoring of certificates used for signing applications.

To configure certificate monitoring via the Application Console:

1. In the Application Console tree, open the context menu of the Kaspersky Embedded Systems Security for Windows node.
2. Select the Configure Trusted Zone settings menu option.

   The Trusted Zone window opens.

3. Select the Certificate monitoring tab.
4. Select the Enable certificate monitoring check box if you want the application to apply certificate monitoring rules.
5. Specify the value of the Notify about the expiration of the certificate setting if you want the application to publish an event about the approaching certificate expiration date in the system audit log a specified number of days before expiry. The default is 30 days.

   The application publishes an event about the approaching certificate expiration date once before restarting the application or the protected device. The application does not publish an event when the software signed with a certificate with an approaching expiration date is started again, if the application or the protected devices have not been restarted.

6. Add certificate monitoring rules.
7. In the Trusted Zone window, click Apply.

Kaspersky Embedded Systems Security for Windows applies the new certificate monitoring settings immediately. Information about the date and time when the settings were modified, and the values of the certificate monitoring settings before and after modification are saved to the system audit log.

In this section Adding certificate monitoring rules Exporting certificate monitoring rules

Page top