Integration with public key infrastructure

Integration of the application with the public key infrastructure (PKI) is required to simplify the issuance of domain certificates to users. Following integration, certificates are issued automatically.

The minimum supported PKI server version is Windows Server 2008.

You have to configure the account for integration with PKI. The account must meet the following requirements:

To create a permanent user profile, log on at least once under the configured user account on the device with Administration Server installed. In this user's certificate repository on the Administration Server device, install the Enrollment Agent certificate provided by domain administrators.

To configure integration with the public keys infrastructure:

  1. In the console tree, expand the Mobile Device Management folder and select the Certificates subfolder.
  2. In the workspace, click the Integrate with public key infrastructure button to open the Integration with PKI section of the Certificate issuance rules window.

    The Integration with PKI section of the Certificate issuance rules window opens.

  3. Select the Integrate issuance of certificates with PKI check box.
  4. In the Account field, specify the name of the user account to be used for integration with the public key infrastructure.
  5. In the Password field, enter the domain password for the account.
  6. In the Certificate template name in PKI system list, select the certificate template that will be used for the issuance of certificates to domain users.

    A dedicated service is run in Kaspersky Security Center under the specified user account. This service is responsible for issuing users' domain certificates. The service is run when the list of certificate templates is loaded by clicking the Refresh list button or when a certificate is generated.

  7. Click OK to save the settings.

Following integration, certificates are issued automatically.

See also:

Scenario: Mobile Device Management deployment
Page top