Root privileges are required to manage certificates.
You can use commands to manage the certificates used to connect to the KICS for Networks server.
To add or replace the server certificate, run the following command:
kics-control [-K] --add-kics4networks-server-certificate <file path>
where <file path> is the path to the file that contains the certificate in DER or PEM format.
The server certificate is used to secure the connection to the integration server if the ProtocolType parameter is set to TCP in the settings of the Kaspersky Industrial CyberSecurity for Networks Integration task.
To add or change a client certificate:
kics-control [-K] --add-kics4networks-client-certificate <file path>
where <file path> is the path to the crypto container (PFX file) containing the server certificate.
The client certificate is used for additional protection of the connection with the KICS for Networks server if in the Kaspersky Industrial CyberSecurity for Networks Integration task settings the ProtocolType parameter is set to TCP and the UseClientPinnedCertificate parameter is set to Yes.
To display certificate information, run the following command:
kics-control [-K] --query-kics4networks-server-certificate
kics-control [-K] --query-kics4networks-client-certificate
Running the command displays the following certificate information:
To delete the server certificate information, run the following command:
kics-control [-K] --remove-kics4networks-server-certificate
To delete the client certificate information, run the following command:
kics-control [-K] --remove-kics4networks-client-certificate
If certificate usage is configured in the settings of the Integration with Kaspersky Industrial CyberSecurity for Networks task and the task is running, deletion of this certificate ends with an error.
Page top