The table below shows the requirements for custom certificates specified for different components of Kaspersky Security Center.
Requirements for Kaspersky Security Center certificates
Certificate type |
Requirements |
Comments |
---|---|---|
Common certificate, Common reserve certificate ("C", "CR") |
Minimum key length: 2048. Basic constraints:
Key Usage:
Extended Key Usage (optional): server authentication, client authentication. |
Extended Key Usage parameter is optional. Path Length Constraint value may be an integer different from "None", but not less than 1. |
Mobile certificate, Mobile reserve certificate ("M", "MR") |
Minimum key length: 2048. Basic constraints:
Key Usage:
Extended Key Usage (optional): server authentication. |
Extended Key Usage parameter is optional. Path Length Constraint value may be an integer different from "None", if Common certificate has a Path Length Constraint value not less than 1. |
Certificate CA for auto-generated user certificates ("MCA") |
Minimum key length: 2048. Basic constraints:
Key Usage:
Extended Key Usage (optional): server authentication, client authentication. |
Extended Key Usage parameter is optional. Path Length Constraint value may be an integer different from "None," if Common certificate has a Path Length Constraint value not less than 1. |
Web Server certificate |
Extended Key Usage: server authentication. The PKCS #12 / PEM container from which the certificate is specified includes the entire chain of public keys. The Subject Alternative Name (SAN) of the certificate is present; that is, the value of the The certificate meets the effective requirements of browsers imposed on server certificates, as well as the current baseline requirements of the CA/Browser Forum. |
|
Kaspersky Security Center Web Console certificate |
The PEM container from which the certificate is specified includes the entire chain of public keys. The Subject Alternative Name (SAN) of the certificate is present; that is, the value of the The certificate meets the effective requirements of browsers to server certificates, as well as the current baseline requirements of the CA/Browser Forum. |
Encrypted certificates are not supported by Kaspersky Security Center Web Console. |