Enabling certificate-based authentication of KES devices

To enable certificate-based authentication of a KES device:

  1. Open the system registry of the client device that has Administration Server installed (for example, locally, using the regedit command in the StartRun menu).
  2. Go to the following hive:
    • For 32-bit systems:

      HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\.core\.independent\KLLIM

    • For 64-bit systems:

      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\Components\34\.core\.independent\KLLIM

  3. Create a key with the LP_MobileMustUseTwoWayAuthOnPort13292 name.
  4. Specify REG_DWORD as the key type.
  5. Set the key value on 1.
  6. Restart the Administration Server service.

Mandatory certificate-based authentication of the KES device using a shared certificate will be enabled after you run the Administration Server service.

The first connection of the KES device to the Administration Server does not require a certificate.

By default, certificate-based authentication of KES devices is disabled.

See also:

Scenario: Mobile Device Management deployment

Page top