Configuring certificate monitoring

You can configure monitoring of certificates used for signing applications.

To configure certificate monitoring via the Administration Plug-in:

1. In the Administration Plug-in, go to the Trusted Zone settings in the policy that you want to configure.
   1. Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
   2. Select the administration group for which you want to configure the task.
   3. Select the Policies tab.
   4. Double-click the policy name you want to configure.
   5. In the Properties: <Policy name> window that opens, select the Supplementary section.
   6. In the Trusted Zone section, click Settings.

      The Trusted Zone window opens.

2. Select the Certificate monitoring tab.
3. Select the Enable certificate monitoring check box if you want the application to apply certificate monitoring rules.
4. Specify the value of the Notify about the expiration of the certificate setting if you want the application to publish an event about the approaching certificate expiration date in the system audit log a specified number of days before expiry. The default is 30 days.

   The application publishes an event about the approaching certificate expiration date once before restarting the application or the protected device. The application does not publish an event when the software signed with a certificate with an approaching expiration date is started again, if the application or the protected devices have not been restarted.

5. Add certificate monitoring rules.
6. In the Trusted Zone window, click the OK button.

Kaspersky Embedded Systems Security for Windows applies the new certificate monitoring settings immediately. Information about the date and time when the settings were modified, and the values of the certificate monitoring settings before and after modification are saved to the system audit log.

In this section Adding certificate monitoring rules Exporting certificate monitoring rules

Page top